Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Convert multi values to different row entries

arunkuriakose0
Engager
‎11-16-2021 12:32 AM
10.40.x.x
10.4.x.x
13.x.x.x		KB: Windows  aXXXXfield3
  		Apply Security XXX.server
user
server

 

I have a table output of  a search  which look similar to the one shown above

Is it a possible way to conver this to the desired format mentioned

 

10.40.x.x

KB4571719: Windows 7 aXXXXfield3
  		Apply Security XXX.server
10.4.x.xKB4571719: Windows 7 aXXXXfield3
  		Apply Security XXX.user
13.x.x.xKB4571719: Windows 7 aXXXXfield3
  		Apply Security XXXserver
Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-16-2021 12:40 AM 
| eval combined=mvzip(field1,field5,",")
| mvexpand combined
| eval field1=mvindex(split(combined,","),0)
| eval field5=mvindex(split(combined,","),1)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...