Home > Software design >  How do I use regex to split a field value into multiple values using two different delimiters
How do I use regex to split a field value into multiple values using two different delimiters

Time:11-05

I have a log source in Sentinel that delimits data in two different ways in the same log, e.g. - and `$60.

So far I've tried:

| extend FieldNameSplit = split(FieldName , '-|$60')

As well as:

| extend FieldNameSplit = split(FieldName, '-')
| extend FieldNameSplitTwo = split(FieldNameSplit, '$60')

Neither of these method have proven effective. Any other ideas?

Thanks in advance for the insight!

CodePudding user response:

If I understand your question correctly, you could try using the extract_all() function: https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/extractallfunction

for example:

print input = "a-b-c$60d-e$60f$60g-h"
| extend output= extract_all(@"([^-(\$60)] )", values)
input output
a-b-c$60d-e$60f$60g-h [
"a",
"b",
"c",
"d",
"e",
"f",
"g",
"h"
]

CodePudding user response:

Personally, I opt to use parse-where in situations like this.

Page link:https//www.codepudding.com/Softwaredesign/180161.html

Prev:How to capture parts of a string into groups using regex?
Next:Count occurrences of specific word after a different, specific word is found
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding