Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Trying to exclude a specific value from an extracted field

srinivas_gowda
Path Finder
‎02-03-2022 09:36 PM

Hello all,

 

I am trying to exclude an specific value within a field while retaining others. Can you please let me know.

 

Eg values:

1) /Server/Cpu/load/Login

2) /Server/Memory/usage

3)/Load/usage/value

 

These above are the values extracted form the event and I will have to remove only /Server value from the field while retaining all other values from the event.

Expected values needed:

1) /Cpu/load/Login

2) /Memory/usage

3) /Load/usage/value

 

Please help in getting this.

 

Labels (4)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-03-2022 10:05 PM

where field is the name of the field you want the replacement done

| eval field=replace(field,"\/Server","")
0 Karma
Reply

skramp
SplunkTrust
SplunkTrust
‎02-03-2022 10:02 PM

You can do it by replace command:

| replace "/Server*" with "*"

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...