Splunk Search

What regular expression should I use to eliminate a character in the field value?

Builder

Hi

What Regex do I have to use to eliminate a character in the field value?

eg:
G0:1K:BF:04:12:2C
expected: G01KBF04122C

0 Karma
1 Solution

Legend

Replace should do it as well

| eval newfield=replace(oldfield, ":", "")

View solution in original post

0 Karma

Legend

Replace should do it as well

| eval newfield=replace(oldfield, ":", "")

View solution in original post

0 Karma

Contributor

regex should work as descripted. another possibility is to crate/eval a new field

your_search | eval macnew = replace(mac_field, ":","")

Regards,

Andreas

0 Karma

Super Champion

Please check this

| rex mode=sed "s/\://g"

for learnings,
mode=sed --- to update rex to use sed mode
s/ --- search for
":" ---- escaped ":"
"//" ---- replace it with "empty" string (remove)
/g ----- do this search and replace globally.

alt text

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!