Splunk Search

How to reformat search results?

vinod0313
Explorer

Hello

i got result like below from the splunk query

ABC123
DEF456
GHI789

But i want to show like below

ABC
DEF
GHI

Labels (1)
0 Karma

FrankVl
Ultra Champion

I might help if you share a bit more detail on the search you are running, but it sounds like you're looking for the substr() eval function:
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/TextFunctions#substr.28X.2CY.2CZ...

0 Karma

vinod0313
Explorer

Not looking for SubString 

if result from splunk query is like below

TokenValidationRequired
RequestValidationTrue


But i want to replace with another string like below

TOKENVALIDATIOn
REQUESTVALIDATION

0 Karma

FrankVl
Ultra Champion

You can do that in 2 ways:

1: with something like this:

 

| eval new_string = case(old_string="ABC","XYZ",old_string="DEF","UVW")

 

2: You could store the mapping into a lookup and use the lookup command to find the new string that corresponds to the original string.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...