Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I get my rex search to extract a string between two strings from a sample below and concat it with the fixed string "751."

Veeruswathi
Explorer
‎10-04-2017 03:33 AM

Example1

Input: 352322648-1112 : D_SSPP-HNW_SD-AVI
Output i want : "751.1112"

Example2

Input: 335587620-43300 : DEMO
Output i want: "751.43300"

Thanks

Reply

somesoni2
Revered Legend
‎10-04-2017 06:43 AM

Another way is this (assuming your current input string is available as field input

your current search | eval output=replace(input,"^(.*)(\d+)-(\d+)(\s*:.+)$","751.\3")
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-04-2017 05:26 AM

Here's one way.

... | rex "Input: \d+-(?<field>\d+)" | eval newField="751.".field | ...
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...