Re: string fields with numbers to be compared

Hema_Nithya · ‎08-31-2023

I have another issue in comparing and want to compare should_be with server_installed_package . Sometime package installed is higher after patching . Example given below for git version if should_be== server_installed_package , the status should updated as Completed
, Another case if server_installed_packages is greater than shouldbe to mark as complete 2 < 3 , also it should check for if first number is same , it should check for second digits . it should mark as completed , else it should check for the next digit if it is 2. and it should check for another number .

CI	Installed	shouldbe	server_installed_package	Status
server1	git-2.31.1-3.el8_7	git-2.39.3-1.el8_8	git-3.40.3-1.el8_8	Not complete

gcusello · ‎08-31-2023

Hi @Hema_Nithya ,

this check highly depends on the format of the version, so if the format is always the one you shared (git-2.31.1-3.el8_7 and git-2.39.3-1.el8_8), you could use a regex to extract the numeric version:

| rex field=installed ".*(?<version_installed>\d+_\d+)"
| rex field=shouldbe ".*(?<version_shouldbe>\d+_\d+)"

so you can compare them.

Ciao.

Giuseppe

string fields with numbers to be compared

field extraction

regex

subsearch

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation