Is there a cribl equivalent to Splunk’s rex mode=sed?

Tony Reinke - Cribl · October 2023

Hi all,
Is there a cribl equivalent to Splunk’s rex mode=sed? I’ve tried replace_regex but I kept hitting a brick wall.

I’m trying to take a timestamp with an indeterminate number of spaces and replace those spaces with a single space in a pipeline (using ‘eval’ function)

Data looks like this:
timestamp: “2023-10-03 09:29:00”

Currently I’ve done the really hacky fix of extracting both the date and time and smooshing them together (eval date + ’ ' time)

Thanks!

David Maislin · October 2023

timestamp.replace(/\s+/g,' ')

Mask function is similar:Left side: \s+ optional global flag
Right side: ' '

David Maislin · October 2023

timestamp.replace(/\s+/g,' ')

Mask function is similar:Left side: \s+ optional global flag
Right side: ' '

Is there a cribl equivalent to Splunk’s rex mode=sed?

Best Answer

Answers

Categories