Splunk Search

How can I extract different arrays from a field to visualise?

New Member


I have a text file that contains data which looks like


Now my idea was to visualise x, y and z in a nice way(I am using the names x, y, z just for example's sake, they would be different depending on data). I got the data into Splunk and all of the data appears in field1 . I can't understand/figure out a way to get three fields from this field1, by three fields I mean x, y and z with their values respectively. I tried "extract field" but couldn't manage the way I needed.
To visualise this data in a nice representation, I must extract them from field1 but I am really clueless. Would some one please help, and guide me in the right direction. I haven't worked with Splunk before and thats why I don't have much knowledge about it yet.
I appreciate any help, thanks.

Tags (3)
0 Karma

New Member

Try with this:
| eval mynewfield=case(field1 =="x:[-0.01,0.04,0.9]")

0 Karma


Hey annie22,

have you tried the | rex command yet?
Other than that please give us more sample data + an expected output as your explanation doesn't tell me how it should look like in the end.


New Member

Hi pyro_wood,
Thank you for your comment, I haven't looked into rex, didn't know about it, going to look it up.
Here is the sample file data that I have currently:


Sorry for not being so clear, I will try to explain, having this data in mind, when Splunk reads it from file, it shows all of it in 1 field, my problem is when I click on visualisation, I want in statistics table three columns with names x, y and z, and their data under them. I am not sure if that is even possible in Splunk.

for the sake of a smaller example if the data is:


I want to see in statistics table as an expected result some thing like this:

alt text

Thank you!!!

0 Karma

New Member

Oops sorry, my previous comment doesn't show the image link where I had expected result, I think because I don't have enough points so it won't let me use any hyperlink. So I will try explaining instead, I would like as expected result a table with in this case three columns, x, y and z and then their values under them. Sorry for the inconvenience.

0 Karma
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...