How to extract a string without using rex or erex?

greeshmak · ‎11-07-2016

Ex: I don't have clear logs for phone numbers, want to extract the phone number and then extract the country code from that field.

I'm able to extract the phone numbers. But not able to extract the country code, since i have phone numbers with 2 and 3 digit country codes.

Phone:

%2SV334789873956
%2SV3528658298570

Extracted Contact:

334789873956
3528658298570

I want to extract the first digits of above phone number. Here first number country code is 2 digits and second phone number has 3 digit country code.

I need Country codes like below:

33
352

Please suggest something on the above without using regex

aaraneta_splunk · ‎11-28-2016

@greeshmak - Did rich's answer below help you out? If yes, please don't forget to click "Accept" below his answer to resolve the question. If not, please leave a comment. Thanks.

richgalloway · ‎11-07-2016

Try this

... | eval cc=substr(pn,1,len(pn)-10) | ...

---
If this reply helps you, Karma would be appreciated.

How to extract a string without using rex or erex?

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...