Splitting a single column

[Miran Ul Haq]

Hi Team,

Hope you are doing well. Kindly assist me with the following issue.

I am trying to split the content of a single column into 2 columns. Eg, Under column FileName, I get the result C:\Users\Public\Documents\hello.docs.

I want output to be displayed like this in 2 columns:

FilePath: C:\Users\Public\Documents\

FileName: hello.docs

Kindly guide on how to achieve this.

Best Regards,
Miran

[Ifeanyi Onyia Odike]

Hello @mira...@gmail.com

Can you provide more details about the Wazuh component you are referring to?

I'm looking forward to hearing back from you.

Regards,

[Miran Ul Haq]

Hi Ifeanyi,

Thanks for responding.

I am using visualise component and data table as widget to list out count data. (Reference attached image)

The count is incorrect due to the filepath being different but file name being same. I wanted to split the text into 2 columns, i.e. file path and file name. Can you please guide on how to do that?

Much appreciate it.

Best Regards,
Miran

[Ifeanyi Onyia Odike]

Understood.

1. Click on Add, under Buckets.

2. Set Sub Aggregation to Terms.

3. Set Field to your chosen field.

You can tweak other fields like the size, ascending order, etc.

Click on Update.

[Miran Ul Haq]

Hi Ifeanyi,

Thanks for getting back.

I have already done that but its still not giving me the result which I desire.

I have attached 2 screenshots for reference,
1) My Settings
2) The output.

I want the data.win.eventdata.processName split into to separate fields. first into file path and second into file name. Can this be achieved?

Thanks for your efforts.

Best Regards
Miran

[Ifeanyi Onyia Odike]

The data from the field data.win.eventdata.processName is a complete string, so it cannot be split.