Hi,
I have created a field, "from", which is a concatenation of 2 string fields, as follows:

    index = .....
    | eval time_epoch = strptime('SESSION_TIMESTAMP', "%Y-%m-%d %H:%M:%S")
    | convert ctime(time_epoch) as hour_minute timeformat="%Y-%m-%d %H:%M"
    | strcat URL_PATH ":" SEQUENCE from
    | table from

The "from" field is made up of a URL string, a : character and then a number in string format. I need to create another field "to", so that for each Nth event where the respective "from" value ends in the number N, the corresponding "to" has the URL for the (N+1) event, : and (N+1)th value.

Example:

    from          to
    ....:1        ......:2
    .....2        .......:3
    .....:3       .......:4
    ........................................
    .........N    <BLANK>

In this way, the last value of the "from" field would have a blank "to" value. Essentially, I need to slide the "from" values up by 1 and name this other field as "to".

I have tried Regex and different eval combinations but no success. Can you please help?

Many thanks,
P