Splunk Search

regex to replace numeric value as astreik

DataOrg
Builder

i want search search level field extraction command to replace all numeric value as astriek

Name = Dell vostro 2012 laptop wireless
Name = HP latitude laptop 20161 home station
Name is the field followd by value

I want results as
Name = Dell vostro **** laptop wireless
Name = HP latitude laptop **** home station

0 Karma
1 Solution

jpolvino
Builder

If you want to get rid of numbers, you can use sed to replace them with nothing (also removes leading space):

(your search)
| rex field=Name mode=sed "s/\s\d+//g" 

You said replace with asterisk, I believe, which would be:

(your search)
| rex field=Name mode=sed "s/\s\d+/\*/g"

View solution in original post

jpolvino
Builder

If you want to get rid of numbers, you can use sed to replace them with nothing (also removes leading space):

(your search)
| rex field=Name mode=sed "s/\s\d+//g" 

You said replace with asterisk, I believe, which would be:

(your search)
| rex field=Name mode=sed "s/\s\d+/\*/g"
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...