Re: Replace '&' with ','

Jananee_iNautix · ‎02-05-2015

I want to replace the character '&' with the character ',' in the below field.

field = {call DB2GIPS.GIP_IP_SMRY_BROWSE(?& ?& ?& ?& ?& ?)},4,145.20738080143929,65.47478818893433,360.34633181989193,580.8295232057571,,2.2596316800361542E-4,,0.0

so that the result should be

field = {call DB2GIPS.GIP_IP_SMRY_BROWSE(?, ?, ?, ?, ?, ?)},4,145.20738080143929,65.47478818893433,360.34633181989193,580.8295232057571,,2.2596316800361542E-4,,0.0

How can that be done in splunk?Please advice.

chimell · ‎02-09-2015

Hi 
Try this request :
      enter something here |field = {call DB2GIPS.GIP_IP_SMRY_BROWSE(?& ?& ?& ?& ?& ?)},4,145.20738080143929,65.47478818893433,360.34633181989193,580.8295232057571,,2.2596316800361542E-4,,0.0 | replace "(?& ?& ?& ?& ?& ?) "  with "(?, ?, ?, ?, ?, ?)" in field

David · ‎02-05-2015

Easily:

rex mode=sed "s/&/,/g"

Does that work for you?

ramdaspr · ‎02-05-2015

you also should specify the field name you want to rex or it might mangle up the rest of the raw data as well..
so rex field=myfieldname mode=sed "s/&/,/g"

Replace '&' with ','

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation