Solved: How to replace 2 different characters in the same ...

fariapm1 · ‎01-26-2023

Hi,

I have a csv that is imported to splunk and one of those fields has a space for the thousands and ends with ",00", I need it to be an integer only with numbers.

I can solve this this with 2 lines:

| eval test=replace(field1,",00","")
| eval test=replace(test," ","")

But I want to create a new field with Calculated fields. How can I do that in one line of code?

ITWhisperer · ‎01-26-2023

| eval test=replace(replace(field1,",00","")," ","")

View solution in original post

fariapm1 · ‎01-26-2023

Hi,

It worked.

I've already tried that but if you notice the space has a red dot. When I tried its only the " "

Tks for your help!

ITWhisperer · ‎01-26-2023

Given that the replace function supports regex expressions, you could try it this way:

| eval test=replace(replace(field1,",00",""),"\s","")

fariapm1 · ‎01-26-2023

In your opinion what's the most efficient ?

" " or "\s" ?

ITWhisperer · ‎01-26-2023

It depends on your events - if spaces are the only type of white space used, then " " would be slightly more efficient, although improvement that might not be detectable, so if there is a possibility that other white space characters might be used, then "\s" might be safer.

fariapm1 · ‎01-26-2023

Hi,

In this case it was a new type of space that appeared in my CSV file and it's not the 1st time that this happens.

Thank you for your support !!!

ITWhisperer · ‎01-26-2023

| eval test=replace(replace(field1,",00","")," ","")

How to replace 2 different characters in the same field?

eval

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor