Splunk Search

How to search 25 digit numbers to find and compare a subset?

walsh_david
Engager

Hello,

we have a system that receives data from multiple sources each of these sources identifies the data being sent by a 25digit number, this number can be broken down by a combination of the positions, the number comes in the following format:

TTWWWWWSSSYYMMDDCCCCCPL

What I am trying to do is extract the CCCC portion of the number (Positions 19-23) and compare this with a lookup table to identify the sender of the information and then sort the associated data by the sender

Labels (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

The substr function should do it.

| eval CCCC = substr(bigNumber, 19, 4)

 

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...