Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to extract a field based on character count?

eamuncal
Explorer
‎06-07-2011 12:52 AM

I have a field name X with the following value: 0123456789.
I want to create another field that is based on the first 4 characters of the field name X.
Then call it Y.

Any idea on how to do this? If its in bash my way would be to use cut -c1-4

Trying the regex and rex to no avail.

Thanks in advance.

emn.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎06-07-2011 01:16 AM

This should do it:

rex field=X "^(?<Y>\d{4})"

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎06-07-2011 01:16 AM

This should do it:

rex field=X "^(?<Y>\d{4})"
Reply
Solved! Jump to solution

eamuncal
Explorer
‎06-07-2011 01:19 AM

This sure did it! Thanks Ayn

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...