Splunk Search

How to reformat search results?

vinod0313
Engager

Hello

i got result like below from the splunk query

ABC123
DEF456
GHI789

But i want to show like below

ABC
DEF
GHI

Labels (1)
0 Karma

FrankVl
Ultra Champion

I might help if you share a bit more detail on the search you are running, but it sounds like you're looking for the substr() eval function:
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/TextFunctions#substr.28X.2CY.2CZ...

0 Karma

vinod0313
Engager

Not looking for SubString 

if result from splunk query is like below

TokenValidationRequired
RequestValidationTrue


But i want to replace with another string like below

TOKENVALIDATIOn
REQUESTVALIDATION

0 Karma

FrankVl
Ultra Champion

You can do that in 2 ways:

1: with something like this:

 

| eval new_string = case(old_string="ABC","XYZ",old_string="DEF","UVW")

 

2: You could store the mapping into a lookup and use the lookup command to find the new string that corresponds to the original string.

0 Karma