Hi all,
Is there a cribl equivalent to Splunk’s rex mode=sed? I’ve tried replace_regex but I kept hitting a brick wall.
I’m trying to take a timestamp with an indeterminate number of spaces and replace those spaces with a single space in a pipeline (using ‘eval’ function)
Data looks like this:
timestamp: “2023-10-03 09:29:00”
Currently I’ve done the really hacky fix of extracting both the date and time and smooshing them together (eval date + ’ ' time)
Thanks!