Is there a cribl equivalent to Splunk’s rex mode=sed?

Question

Hi all,Is there a cribl equivalent to Splunk’s rex mode=sed? I’ve tried replace_regex but I kept hitting a brick wall.I’m trying to take a timestamp with an indeterminate number of spaces and replace those spaces with a single space in a pipeline (using ‘eval’ function)Data looks like this:timestamp: “2023-10-03     09:29:00”Currently I’ve done the really hacky fix of extracting both the date and time and smooshing them together (eval date + ’ ' time)Thanks!

David Maislin · Accepted Answer

timestamp.replace(/\s+/g,' ')Mask function is similar:Left side:\s+optional global flagRight side:' '

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded