Solved: Replace square brackets and leave original value

korstiaans · ‎07-12-2021

Hi All,

I have a field with the following value:

[ "842cef72-745d-463c-8b49-ce16ccc5ebd2" ]

I'd like to get rid of the square brackets and the quotes ending up with:

842cef72-745d-463c-8b49-ce16ccc5ebd2

clintla · ‎07-12-2021

Sorry- added incorrectly \

(?<CAPTURE>[a-z0-9-]+)

michel_wolf · ‎07-12-2021

Hi korstiaans,

you can try this:

|makeresults
|eval sample_field="[ \"842cef72-745d-463c-8b49-ce16ccc5ebd2\" ]"
|rex field=sample_field "\[\s\"(?<new_field>.*)?\""

I don´t know if you have realy spaces between the [ and "

Michel

clintla · ‎07-12-2021

(?<CAPTURE>[a-z0-9-\]+)

clintla · ‎07-12-2021

Sorry- added incorrectly \

(?<CAPTURE>[a-z0-9-]+)

korstiaans · ‎07-12-2021

@clintla Thanks, works like a charm.

korstiaans · ‎07-12-2021

Hi Michel,

That doesn't work, but it's probably, because the field is a little weird formatted. It looks like this in a table:

Replace square brackets and leave original value