split command in splunk 1

split command in splunk

 your base search | eval temp=split(FieldA,".") | eval FieldB=mvindex(temp,0)| eval FieldC=mvindex(temp,1)| eval FieldD=mvindex(temp,2) | fields - temp

Here is what the above code is Doing:
1. Splitting the field on the period
2. Creating a new field for each of the three parts of the split
3. Removing the temp field

Similar Posts