I have a situation where I have two multi-valued fields in my data, and i want to call mvexpand on ONE of the fields and leave the second field multi-valued.
Unfortunately mvexpand seems to fall down here. It correctly expands out my first field but it at the same time flattens my other multivalued value. (For the record mvcombine has the same problem)

Here's a simple but completely artificial scenario to reproduce:

| stats count | eval field1="foo-bar-baz" | eval field2="fred-mildred" | makemv field1 delim="-" | makemv field2 delim="-"

That gives me one row, and 'field1' has 3 values and 'field2' has 2 values. Now tack on an mvexpand:

| stats count | eval field1="foo-bar-baz" | eval field2="fred-mildred" | makemv field1 delim="-" | makemv field2 delim="-" | mvexpand field1

I should have 3 rows now, and each of the rows should still have the multivalued value for field2. However it throws away the multivalued values and mysteriously falls back to the original string value.....

Is there any way around this problem?

Ultimately what this is all a part of, is that one of my multivalued fields represents all 'previous' values of a certain field. And my second multivalued field is all the 'current' values of that same field. I want to mvexpand the current values, then filter the set down to only the rows where the current (singlevalued) value is NOT contained in the previous set (multivalued), and then I get a nice table of notable additions basically. Open to other suggestions here too. 😃

NOTE: its ugly but i found a hack using eval to forcibly join and re-split the strings on either side. So instead of | mvexpand field1, I do this:

| eval field2=mvjoin(field2, "#_$_%") | mvexpand field1 | eval field2=split(field2, "#_$_%")