Solved: My extracted field contains special characters in ...

santosh_hb · ‎05-18-2017

Hi,

My extracted field contains some special characters instead of actual string.

For ex:

Email_Address is the field name and it is extracted in the following way:

data@portal.com
data%40portal.com

In the above, it is getting extracted in 2 ways. One with '@' and one more with '%40' instead of @
Whereas, the first one is correct?

Now, in my search, how can I replace %40 with @ and display only data@portal.com?

thanks

somesoni2 · ‎05-18-2017

Like this

..your search | eval Email_Address =urldecode(Email_Address)

okayal · ‎05-18-2017

Do you mean both emails are extracted, but are on separate lines in the same event?

If that's the case, try something like

<Your query> | rex field=Email_Address "(?<Email_Address>.+@[\w\.]+)\n"

somesoni2 · ‎05-18-2017

Like this

..your search | eval Email_Address =urldecode(Email_Address)

My extracted field contains special characters in extracted value. How can I replace it with actual string value?