Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Fill Multiple values in a field

Jazzyb
New Member
‎06-12-2021 10:03 AM

I have some numeric values that is coming from job search results and the result is saved in tokens. These values are numeric. How can I make bar chart to see whether values are increasing or decreasing. Example 

Value 1 = 100

value 2 = 200

value 3 = 300
 
Now, how can I assign multiple values to a field with the help of eval like this we do for single value 

| eval new_field = “value1’’.. instead of one value I want to keep multiple values. Thanks 

Labels (1)
Labels
0 Karma
Reply

Jazzyb
New Member
‎06-12-2021 07:33 PM

thanks but this solves my half problem. The values are treated as string here and my values are numbers and based on these numbers, I will create a bar graph. These values are basically  total count from csv files. Each file will generate a Total count and these counts are stored in token. And based on these token values I will create a bar graph. Also tonumber(string) does not convert the entire field to integer.. 

New_Field

100

200

300

So above will be the data. New_Field will have 3 values and I want to make graph based on these values.. 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-12-2021 10:54 AM

Do you mean a multi-value field?

| eval new_field=mvappend(value1,value2,value3)

Or do you want separate events for each token value?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...