Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Rename values with regex

widad_guerrida
Engager
‎05-19-2020 03:06 AM

Hello,
I need to delete the numericals values in variables name :
CETAT_UGE_11 become CETAT_UGE
knowing that I have many variables like this, so i need a solution that works for all of them.

I started doing this : | rex result = column "([0-9]{2-3})" , with column is a column of a table which contains CETAT_UGE_11 and others.
but it does not work : Error in 'rex' command: The regex 'hfield' does not extract anything. It should specify at least one named group. Format: (?...).

Thank you for helping me

0 Karma
Reply

to4kawa
Ultra Champion
‎05-19-2020 07:23 AM 
| makeresults
| fillnull CETAT_UGE_11 CETAT_UGF_12 CETAT_UGG_13 CETAT_UGH_14
| foreach *_*_* [ eval <<MATCHSEG1>>_<<MATCHSEG2>> = '<<FIELD>>'
| fields - <<FIELD>>]
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...