https://community.splunk.com/t5/Splunk-Search/How-to-form-key-value-pairs-from-2-multivalue-fields/m-p/446754#M126709 <P>Hi @ramki1459 try this </P> <PRE><CODE>| makeresults | eval time=10000 | eval field1="x:y:z" | eval field2="10:20:30" | makemv delim=":" field1 | makemv delim=":" field2 | eval F2andF3=mvzip(field1,field2) | mvexpand F2andF3 | rex field=F2andF3 "^(?&lt;field1&gt;[^,]+),(?&lt;field2&gt;.*)$" | table time field1 field2 </CODE></PRE> Thu, 07 Jun 2018 10:53:59 GMT harishalipaka 2018-06-07T10:53:59Z https://community.splunk.com/t5/Splunk-Search/How-to-form-key-value-pairs-from-2-multivalue-fields/m-p/446753#M126708 <P>Hi<BR /> I am trying to extract data from 2 multivalue fields and trying to form key value pair, for example, I have data something like below</P> <PRE><CODE>_time, field1 , field2 10000, x:y:z 10:20:30 10001, a:b:c 40:50:60 </CODE></PRE> <P>I want to extract data something like this</P> <PRE><CODE>10000, x 10 10000, y 20 10000, z 30 10001, a 40 10001, b 50 10001, c 60 </CODE></PRE> <P>I tried with makemv but not able to get the result in above format. any input is really appreciated. Thanks.</P> Tue, 05 Jun 2018 21:30:10 GMT https://community.splunk.com/t5/Splunk-Search/How-to-form-key-value-pairs-from-2-multivalue-fields/m-p/446753#M126708 ramki1459 2018-06-05T21:30:10Z https://community.splunk.com/t5/Splunk-Search/How-to-form-key-value-pairs-from-2-multivalue-fields/m-p/446754#M126709 <P>Hi @ramki1459 try this </P> <PRE><CODE>| makeresults | eval time=10000 | eval field1="x:y:z" | eval field2="10:20:30" | makemv delim=":" field1 | makemv delim=":" field2 | eval F2andF3=mvzip(field1,field2) | mvexpand F2andF3 | rex field=F2andF3 "^(?&lt;field1&gt;[^,]+),(?&lt;field2&gt;.*)$" | table time field1 field2 </CODE></PRE> Thu, 07 Jun 2018 10:53:59 GMT https://community.splunk.com/t5/Splunk-Search/How-to-form-key-value-pairs-from-2-multivalue-fields/m-p/446754#M126709 harishalipaka 2018-06-07T10:53:59Z