Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Replace '&' with ','

Jananee_iNautix
Path Finder
‎02-05-2015 07:06 AM

I want to replace the character '&' with the character ',' in the below field.

field = {call DB2GIPS.GIP_IP_SMRY_BROWSE(?& ?& ?& ?& ?& ?)},4,145.20738080143929,65.47478818893433,360.34633181989193,580.8295232057571,,2.2596316800361542E-4,,0.0

so that the result should be

field = {call DB2GIPS.GIP_IP_SMRY_BROWSE(?, ?, ?, ?, ?, ?)},4,145.20738080143929,65.47478818893433,360.34633181989193,580.8295232057571,,2.2596316800361542E-4,,0.0

How can that be done in splunk?Please advice.

Tags (1)
0 Karma
Reply

chimell
Motivator
‎02-09-2015 03:08 AM 
Hi 
Try this request :
      enter something here |field = {call DB2GIPS.GIP_IP_SMRY_BROWSE(?& ?& ?& ?& ?& ?)},4,145.20738080143929,65.47478818893433,360.34633181989193,580.8295232057571,,2.2596316800361542E-4,,0.0 | replace "(?& ?& ?& ?& ?& ?) "  with "(?, ?, ?, ?, ?, ?)" in field
0 Karma
Reply

David
Splunk Employee
Splunk Employee
‎02-05-2015 07:39 AM

Easily:

rex mode=sed "s/&/,/g"

Does that work for you?

Reply

ramdaspr
Contributor
‎02-05-2015 04:02 PM

you also should specify the field name you want to rex or it might mangle up the rest of the raw data as well..
so rex field=myfieldname mode=sed "s/&/,/g"

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...