We have updated our Terms of Service, Code of Conduct, and Addendum.

How do I split a field in a pipeline?

Options
jroot42
jroot42 Posts: 4
in Stream

I have a field that includes IP and Port (i.e. 0.0.0.0:1234) and I want to split them into separate fields for further analysis. What’s the best way to do that?

Best Answer

  • TyS
    TyS Posts: 1
    Answer ✓
    Options

    (the edit: button isnt working for me? so making an expanded post)
    One way would be to use the REGEX extract and for the REGEX use something similar to (?\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?\d{1,5}) (there are other ways to do this obviously which are more strrict/validating, but this should do fine for most)

    Also you could use a split function on eval.
    name|value expression:
    ipaddress | nameOfCombinedField.split(:)[0]
    port | nameOfCombinedField.split(:)[1]

Answers

  • Jon Rust
    Jon Rust Posts: 435 mod
    Options

    Use the Regex Extract function:

    (?<ip>[^:]+):(?<port>\d+)
  • TyS
    TyS Posts: 1
    Answer ✓
    Options

    (the edit: button isnt working for me? so making an expanded post)
    One way would be to use the REGEX extract and for the REGEX use something similar to (?\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(?\d{1,5}) (there are other ways to do this obviously which are more strrict/validating, but this should do fine for most)

    Also you could use a split function on eval.
    name|value expression:
    ipaddress | nameOfCombinedField.split(:)[0]
    port | nameOfCombinedField.split(:)[1]

  • jroot42
    jroot42 Posts: 4
    Options

    The Eval function was exactly what I needed.

Categories