Solved: I want to split a field into two different fields ... - Splunk Community

Splunk Search

I want to split a field into two different fields for comparission,
my data is in the format:
address= 5555 xxxxx yyy Apt Z
desired result :
house number= 5555
street address = xxxx yyy

I have tried to use the split command but does not help me with what I want

1 Solution

Solution

Try rex.

... | rex field=address "(?<houseNumber>\d+)\s(?<streetAddress>.*)" | ...

---
If this reply helps you, Karma would be appreciated.

View solution in original post

@jaleelahmed94, please try the following rex command:

<YourBaseSearch>
| table address
| rex field=address "address=\s(?<house_number>\d+)\s(?<street_address>.*)"

You can test the Regular Expression inside double quotes on regex101.com with your sample data.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Solution

Try rex.

... | rex field=address "(?<houseNumber>\d+)\s(?<streetAddress>.*)" | ...

---
If this reply helps you, Karma would be appreciated.

Thanks, I was looking for something like this!

I instead used rex field=address "(?\s+)\s(?.*)"
because the address field was string.

Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open! conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor. HEC Receiver authorization ...