Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Rename values with regex

widad_guerrida
Engager
‎05-19-2020 03:06 AM

Hello,
I need to delete the numericals values in variables name :
CETAT_UGE_11 become CETAT_UGE
knowing that I have many variables like this, so i need a solution that works for all of them.

I started doing this : | rex result = column "([0-9]{2-3})" , with column is a column of a table which contains CETAT_UGE_11 and others.
but it does not work : Error in 'rex' command: The regex 'hfield' does not extract anything. It should specify at least one named group. Format: (?...).

Thank you for helping me

0 Karma
Reply

to4kawa
Ultra Champion
‎05-19-2020 07:23 AM 
| makeresults
| fillnull CETAT_UGE_11 CETAT_UGF_12 CETAT_UGG_13 CETAT_UGH_14
| foreach *_*_* [ eval <<MATCHSEG1>>_<<MATCHSEG2>> = '<<FIELD>>'
| fields - <<FIELD>>]
0 Karma
Reply
Get Updates on the Splunk Community!

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out &gt;&gt; &#x1f3c6; Check out the ...

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...