Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to get string values into column values dynamically

shivareddysompa
Explorer
‎07-07-2020 05:56 AM

hi,

i have data like below. i want to string into column values then need to join with my query.

System                   effected Region

a:b:c;d;e;f                  India

i need like below.

system                     effected Region

a                               India

b                               India

c                               India

d                               India

e                                India

f                                 India

 

Thanks in advance

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎07-07-2020 06:18 AM 
| makeresults | eval _raw="System     effected_Region
a:b:c;d;e;f  India" | multikv forceheader=1
`comment("Above just sets up test data")`
| eval System=split(System,":") | mvexpand System 
| eval System=split(System,";") | mvexpand System

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎07-07-2020 06:18 AM 
| makeresults | eval _raw="System     effected_Region
a:b:c;d;e;f  India" | multikv forceheader=1
`comment("Above just sets up test data")`
| eval System=split(System,":") | mvexpand System 
| eval System=split(System,";") | mvexpand System

 

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...