Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to extract a substring based on its position within a field?

mcgi906
Explorer
‎07-11-2016 02:00 PM

I have a field that is of the form /Code153:4:Item1,Item2,Item3,Item4/Code211:2:Item5,Item6 where I need to extract a substring in the form of Code###:#:Item,Item,Item.... based upon the location of a search. For example, if it was Item 2 I was searching for then the string Code 153:4:Item1,Item2:Item3:Item4 would be returned.

I am stumped on how to accomplish this.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎07-11-2016 02:25 PM

Try like this

your current search | eval yourfield=split(yourfield,"/") | eval filteredVal=mvfilter(match(yourfield,"Item2"))

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎07-11-2016 02:25 PM

Try like this

your current search | eval yourfield=split(yourfield,"/") | eval filteredVal=mvfilter(match(yourfield,"Item2"))
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...