Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Extracting the repeated fields from _raw

tomarcen
New Member
‎12-15-2014 07:53 PM

Hi.
I've load splunk with my email logs.
I'm getting all the url's in an email in _raw field.

In an e-mail, if there are 10 hyperlinks, I'm getting all the links as url in _raw , but I need them in a column of a table with url & sender columns.

When I pipe and table the output, I'm getting only the first url as the output In url field.

So how to get all the url's tabled in same column.

0 Karma
Reply

tomarcen
New Member
‎12-15-2014 11:23 PM

That dint work. I tried and got the same output - only the first url is showing.

Problem is all the repeated fields like url or recipients are in same event of splunk..

So, I need a query to get the repeated fields like url or recipient repeated multiple times in same event.

In simple words : in one event, I'm getting multiple recipients but after using the above query also, I'm getting the same result(only the first url or recipient in that event)

0 Karma
Reply

kml_uvce
Builder
‎12-15-2014 08:38 PM

try this
your search| eval url_name=mvjoin(url, ";")|table url_name

kamal singh bisht
0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...