I want to remove the special character after a number, please help.
data:
7.62\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
I want:
7.62. The number is not constant; it will keep changing, so I need to remove only the special character.
@493669 has a good answer, but types faster than me. It will extract the number into a new field.
Here's another option that modifies the original field (not on disk, of course).
... | rex mode=sed field=data "s/\\\x00//g" | ...
Try this:
... |rex field=data "^(?<data>\d+\.?\d+)"
or
... |rex field=data "^(?<a>[^\\]+)"
Hi there,
Is this what the full event looks like? Can you please provide some sample events so that we can give you a regex that is as accurate as possible?
Also, do you want to remove special characters before indexing or after (search-time)?
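The three expressions suggested above behave differently depending on whether the field holds real NUL bytes or the literal text \x00. The following is an added example, not code from any of the posts: it uses Python's re module rather than Splunk's rex, the sample values are constructed, and the EITHER_PADDING pattern is an assumption added here for comparison.

```python
import re

# Constructed samples: the same value padded with real NUL bytes, and with
# the literal four-character text \x00 (how the post displays the field).
RAW = "7.62" + "\x00" * 15
ESCAPED = "7.62" + r"\x00" * 15

# Python spells named groups (?P<name>...); the thread's PCRE uses (?<name>...).
SED_LITERAL = re.compile(r"\\x00")                 # sed option: backslash, x, 0, 0
NUM_PREFIX = re.compile(r"^(?P<data>\d+\.?\d+)")   # first extraction option
UP_TO_BACKSLASH = re.compile(r"^(?P<a>[^\\]+)")    # second extraction option
# Assumption (not from the thread): one pattern that covers both encodings
# and is anchored so that only trailing padding is removed.
EITHER_PADDING = re.compile(r"(?:\x00|\\x00)+$")


def sed_strip(value):
    """Delete every literal \\x00 text sequence, like the sed-mode rex."""
    return SED_LITERAL.sub("", value)


def first_group(pattern, value):
    """Return the first capture group, or None when the pattern does not match."""
    match = pattern.match(value)
    return match.group(1) if match else None


def strip_padding(value):
    """Remove trailing padding whether it is real NUL bytes or escaped text."""
    return EITHER_PADDING.sub("", value)


def compare(value):
    """Run all four approaches on one field value."""
    return {
        "sed": sed_strip(value),
        "num": first_group(NUM_PREFIX, value),
        "upto": first_group(UP_TO_BACKSLASH, value),
        "either": strip_padding(value),
    }


if __name__ == "__main__":
    samples = (("raw", RAW), ("escaped", ESCAPED), ("one digit", "7" + "\x00" * 3))
    for label, sample in samples:
        print(label, {name: repr(result) for name, result in compare(sample).items()})
```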