InfallibleTechie

How to get first n characters from a field in Splunk?

substr() can be used to get first n characters from a field in Splunk.

Syntax:

substr(str, start, length)

Syntax with Field Reference:

eval Summary=substr(description,1,57)

Example:

eval Summary=substr(description,1,57)

From the above example, Summary will hold first 57 characters of the description field value.