Search results between a certain number when resul...

Callum_f · ‎07-21-2021

Hey Everyone,

I am trying to search for a field to see how much a customer is spending but there is a letter in front of it.

e.g. "cost" : "C1000" showing they spent $1000.

So for example I want to search when the user spends between C1000 and C20000.

is there a way to remove the C and search the numbers of the result?

this is what I have so far

index="silverprod" source=*finance* ("Lambda" "Payload") NOT (lambda-warmer) *topup*

kamlesh_vaghela · ‎07-21-2021

@Callum_f

Can you please try this?

YOUR_SEARCH
| eval cost=replace(cost,"C","") | where cost >500 AND cost < 1500

My Sample Search :

|makeresults count=100 | eval a=100| accum a | eval cost="C".a
| rename comment as "Upto Now is sample data only" 
| table cost
| eval cost=replace(cost,"C","") | where cost >500 AND cost < 1500

Thanks
KV
▄︻̷̿┻̿═━一 ?

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

Search results between a certain number when result has a letter before number e.g C1000

stats

subsearch

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?