Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Fill Multiple values in a field

Jazzyb
New Member
‎06-12-2021 10:03 AM

I have some numeric values that is coming from job search results and the result is saved in tokens. These values are numeric. How can I make bar chart to see whether values are increasing or decreasing. Example 

Value 1 = 100

value 2 = 200

value 3 = 300
 
Now, how can I assign multiple values to a field with the help of eval like this we do for single value 

| eval new_field = “value1’’.. instead of one value I want to keep multiple values. Thanks 

Labels (1)
Labels
0 Karma
Reply

Jazzyb
New Member
‎06-12-2021 07:33 PM

thanks but this solves my half problem. The values are treated as string here and my values are numbers and based on these numbers, I will create a bar graph. These values are basically  total count from csv files. Each file will generate a Total count and these counts are stored in token. And based on these token values I will create a bar graph. Also tonumber(string) does not convert the entire field to integer.. 

New_Field

100

200

300

So above will be the data. New_Field will have 3 values and I want to make graph based on these values.. 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-12-2021 10:54 AM

Do you mean a multi-value field?

| eval new_field=mvappend(value1,value2,value3)

Or do you want separate events for each token value?

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...