Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Anonymous
Not applicable
‎2015-03-09 11:13 AM

Need help in scripting for string functions

The idea is I will have the below as a paragraph in the column "Description". Can somebody help me to do a script which will result me the computer name alone. Example: the result of the script has to be ABCD1238.eu.corp

From: ch.alerts@abcd.com

Sent: Thursday, March 05, 2015 6:01 PM

To: Security.IncidentResponseTeam

Subject: Forefront Endpoint Protection Alert: Malware Detection


Forefront Endpoint Protection has detected malware on a computer in your organization.

Detection time (UTC): 3/5/2015 11:54:32 AM

Computer name: ABCD1238.eu.corp

Malware name: BrowserModifier:Win32/KipodToolsCby

594 Views
0 Likes
1 Solution

Accepted Solutions
simenkg
Specialist
Specialist
‎2015-03-10 05:27 AM

In response to Anonymous

subfield(textbetween(Description, 'Computer name: ' , 'Malware name:'),'_x000D_',1)

View solution in original post

394 Views
0 Likes
9 Replies
Gysbert_Wassenaar
MVP
MVP
‎2015-03-09 11:29 AM

Try textbetween(Description, 'Computer name: ' , 'Malware name:')


talk is cheap, supply exceeds demand
394 Views
Not applicable
‎2015-03-09 04:32 PM
Author

Try subfield(Description,'Computer name:',2)

394 Views
Anonymous
Not applicable
‎2015-03-10 05:19 AM
Author

Hi Gysbert, I have tried Text Between. and I am I getting the below. Why I am getting _x000D_ and how should I remove this?

Computer Name
aoewallace2-sz.ap.corp_x000D_
BCNWS027.eu.corp_x000D_
BEER646.eu.corp_x000D_
CC4GKKVY1.ap.corp_x000D_
CCFSHYS2X.ap.corp_x000D_
cchen-wgq.ap.corp_x000D_
cmlu-wgq.ap.corp_x000D_
CRPWS027.na.corp_x000D_
CRPWS052.na.corp_x000D_
DEAC1190.eu.corp_x000D_
DEAC1238.eu.corp_x000D_
394 Views
0 Likes
simenkg
Specialist
Specialist
‎2015-03-10 05:27 AM

In response to Anonymous

subfield(textbetween(Description, 'Computer name: ' , 'Malware name:'),'_x000D_',1)

395 Views
0 Likes
Anonymous
Not applicable
‎2015-03-10 05:33 AM
Author

Thanks Simen. Extraordinary it worked...

394 Views
0 Likes
puttemans
Specialist
Specialist
‎2015-03-10 05:37 AM

In response to Anonymous

If you are getting it, it means it is somewhere in the data. You can remove it at once with Simen's formula, although you could shorten the formula a bit :

subfield(textbetween(Description, 'Computer name: ' , 'Malware name:'),'_',1)

394 Views
0 Likes
Anonymous
Not applicable
‎2015-03-10 05:41 AM
Author

Thanks everyone. Now I have got the Computer Name.. But I am not able to do this to get Malware name:

Any suggestions please?

394 Views
0 Likes
simenkg
Specialist
Specialist
‎2015-03-10 05:44 AM

In response to Anonymous

Subfield(Description,'Malware name:',2)

394 Views
0 Likes
Anonymous
Not applicable
‎2015-03-10 05:57 AM
Author

Hi Simen it worked but I am again getting _x000D_ at the end

394 Views
0 Likes