Solved: How to use replace in search?

kiran331 · ‎09-05-2017

Hi

How to replace a character in a field value with another character? I have below field value, I have to replace @ with %40.

event_id:
32323ff-343443fg-43344g-34344-343434fdef@@notable@@33434fdf-3434gfgfg-ere343

I'm trying to get this

32323ff-343443fg-43344g-34344-343434fdef%40%40notable5%40%4033434fdf-3434gfgfg-ere343

richgalloway · ‎09-05-2017

Use the replace function like this:

... | eval event_ID=replace(event_id,"@","%40") | ...

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Dawson014 · ‎05-30-2018

Unrelated to this query, but for special characters like period (.) use the escape character -"\".
Like - ... | eval name = replace("lastname.firstname","\.",",") | ...

richgalloway · ‎09-05-2017

Use the replace function like this:

... | eval event_ID=replace(event_id,"@","%40") | ...

---
If this reply helps you, Karma would be appreciated.

How to use replace in search?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Application management with Targeted Application Install for Victoria Experience

Join the Conversation

How to use replace in search?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Application management with Targeted Application Install for Victoria Experience