How to extract a string without using rex or erex?

greeshmak · ‎11-07-2016

Ex: I don't have clear logs for phone numbers, want to extract the phone number and then extract the country code from that field.

I'm able to extract the phone numbers. But not able to extract the country code, since i have phone numbers with 2 and 3 digit country codes.

Phone:

%2SV334789873956
%2SV3528658298570

Extracted Contact:

334789873956
3528658298570

I want to extract the first digits of above phone number. Here first number country code is 2 digits and second phone number has 3 digit country code.

I need Country codes like below:

33
352

Please suggest something on the above without using regex

aaraneta_splunk · ‎11-28-2016

@greeshmak - Did rich's answer below help you out? If yes, please don't forget to click "Accept" below his answer to resolve the question. If not, please leave a comment. Thanks.

richgalloway · ‎11-07-2016

Try this

... | eval cc=substr(pn,1,len(pn)-10) | ...

---
If this reply helps you, Karma would be appreciated.

How to extract a string without using rex or erex?

Splunk ITSI & Correlated Network Visibility

Community Content Calendar, August edition

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Are you a member of the Splunk Community?

How to extract a string without using rex or erex?

Splunk ITSI & Correlated Network Visibility

Community Content Calendar, August edition

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust