Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Extracting the repeated fields from _raw

tomarcen
New Member
‎12-15-2014 07:53 PM

Hi.
I've load splunk with my email logs.
I'm getting all the url's in an email in _raw field.

In an e-mail, if there are 10 hyperlinks, I'm getting all the links as url in _raw , but I need them in a column of a table with url & sender columns.

When I pipe and table the output, I'm getting only the first url as the output In url field.

So how to get all the url's tabled in same column.

0 Karma
Reply

tomarcen
New Member
‎12-15-2014 11:23 PM

That dint work. I tried and got the same output - only the first url is showing.

Problem is all the repeated fields like url or recipients are in same event of splunk..

So, I need a query to get the repeated fields like url or recipient repeated multiple times in same event.

In simple words : in one event, I'm getting multiple recipients but after using the above query also, I'm getting the same result(only the first url or recipient in that event)

0 Karma
Reply

kml_uvce
Builder
‎12-15-2014 08:38 PM

try this
your search| eval url_name=mvjoin(url, ";")|table url_name

kamal singh bisht
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...