Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

mvcombine ignores specified delimiter

markwymer
Path Finder
‎06-11-2015 03:57 AM

My apologies for the duplicated question - I wasn't sure whether I could tag my particular situation re- mvcombine not using the delimiter when specified.

The search I'm using is
* | stats list(Logon_Source_IP) AS IPList | mvcombine delim=" OR " IPList

what I was hoping to get is (example)
192.10.0.4 OR 192.11.4.23 OR 192.15.12.13

what I'm actually getting back is:
192.10.0.4 192.11.4.23 192.15.12.13

i.e. no delimiter

Any ideas? I did notice that, in another post, someone had used
* | stats delim=" OR " list(Logon_Source_IP) AS IPList
but that ignored the delimiter too.

Any ideas?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

markwymer
Path Finder
‎06-11-2015 08:58 AM

Hi,

Not sure whether this is a bug or a documentation issue - either way I'm unable to raise a support case as, technically, we're still doing a POC on Splunk.

However, after a phone call and a bit more hunting I came across this document..... http://answers.splunk.com/answers/102260/delim-argument-in-stats-function-no-longer-supported.html - and this answer works perfectly.

My search is now:
* | stats delim=" OR " list(Logon_Source_IP) AS IPList | mvcombine IPList
which gives me the results I'd hoped for.

View solution in original post

Reply
Solved! Jump to solution
Solution

markwymer
Path Finder
‎06-11-2015 08:58 AM

Hi,

Not sure whether this is a bug or a documentation issue - either way I'm unable to raise a support case as, technically, we're still doing a POC on Splunk.

However, after a phone call and a bit more hunting I came across this document..... http://answers.splunk.com/answers/102260/delim-argument-in-stats-function-no-longer-supported.html - and this answer works perfectly.

My search is now:
* | stats delim=" OR " list(Logon_Source_IP) AS IPList | mvcombine IPList
which gives me the results I'd hoped for.

Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...