Re: Replace string

john · ‎03-15-2012

I want to replace (" ") in my xml file to single (").Since there is some misplace of double codes in my whole file.So please help
<?xml version=""1.0"" encoding=""ISO-9000-1"" ?>

gooza · ‎03-15-2012

try:

yoursearch | rex mode=sed "s/\"\"/\"/g"

john · ‎03-16-2012

Thanks gooza.its working

kjamsheed · ‎04-08-2016

works for me as well

Michael · ‎01-14-2015

I had to add the field name to make mine work:
(replacing + with a space in my case)

rex mode=sed field=search_term_used "s/+/ /g"

Also, in my case I had to escape the +

weird, when I post this comment, the rex line looses the escape character .

Livia · ‎03-15-2012

Have you tried to open the xml file with an editor, most of them have a find an replace function.

john · ‎03-15-2012

I should not replace any values manually in the file.I meant i want to replace that double codes during time of search only since it should not make any permanent change in xml file.Can u suggest any search query for that

meenal901 · ‎04-08-2016

You can try replace function of eval for a single field

eval n=replace(date, "^(\d{1,2})/(\d{1,2})/", "\2/\1/")

Else rex will solve your problem 100%

rex mode=sed "s/\"\"/\"/g"

Replace string

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation