Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can i split this field into multiple columns?

marceldera
Explorer
‎08-23-2022 09:57 AM

Filed name = pluginText

<plugin_output>Information about this scan :

Nessus version : 10.3.0

Nessus build : 20080

Plugin feed version : 202208222232

Scanner edition used : Nessus

Scanner OS : LINUX

Scanner distribution : es7-x86-64

Scan type : Normal

Scan name : Host_Discovery & OS_Identification

Scan policy used : 93e1da98-656c-5cd5-933b-ce6665fc0486-1939724/Host_Discovery_Scan_03292022 Scanner IP : 10.102.10.1

Port scanner(s) : nessus_syn_scanner

Port range : sc-default

Ping RTT : 11.921 ms

Thorough tests : no

Experimental tests : no

Plugin debugging enabled : no

Paranoia level : 1

Report verbosity : 1

Safe checks : yes

Optimize the test : yes

Credentialed checks : no

Patch management checks : None

Display superseded patches : yes (supersedence plugin launched)

CGI scanning : disabled

Web application tests : disabled

Max hosts : 30

Max checks : 5

Recv timeout : 5

Backports : None

Allow post-scan editing : Yes

Scan Start Date : 2021/8/10 1:55 UTC

can duration : 63 sec

</plugin_output>

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-23-2022 10:23 AM 
| rex field=pluginText max_match=0 "\s*(?<namevalue>[^:]+ : .+)"
| streamstats count as _row 
| mvexpand namevalue
| rex field=namevalue "(?<name>[^:]+) : (?<value>.+)"
| eval {name}=value
| fields - name value namevalue
| stats values(*) as * by _row

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎08-23-2022 10:23 AM 
| rex field=pluginText max_match=0 "\s*(?<namevalue>[^:]+ : .+)"
| streamstats count as _row 
| mvexpand namevalue
| rex field=namevalue "(?<name>[^:]+) : (?<value>.+)"
| eval {name}=value
| fields - name value namevalue
| stats values(*) as * by _row
0 Karma
Reply
Solved! Jump to solution

marceldera
Explorer
‎08-23-2022 12:03 PM

Thank you so much, I really appreciate it.  It works perfectly.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...