Splunk Search

How do you concatenate strings of two multi-value fields together to make one mv field?

pjdwyer
Explorer

I have two multi-value fields, one contains addresses and the other contains the date and time an event occurred at said address. I am trying to collect both items of data into a single mv field. I cannot collect them with one extraction because the data between them is not necessary for the report.

Here are possible example values of the address and date in raw form and how I am trying to concatenate them:
1.1.1.1 SQL Inactive 2017-08-15 13:02:58 -> 1.1.1.1 2017-08-15 13:02:58
2.2.2.2 ORA Inactive 2018-01-04 22:32:39 -> 2.2.2.2 2018-01-04 22:32:39
3.3.3.3:FAM Inactive 2018-01-04 22:32:39 -> 3.3.3.3 2018-01-04 22:32:39
4.4.4.4 Inactive 2018-02-24 03:55:18 -> 4.4.4.4 2018-02-24 03:55:18
0 Inactive 2018-02-24 03:55:18 -> 0 2018-02-24 03:55:18
FOO.BAR.COM Inactive 2018-02-24 03:55:18 -> FOO.BAR.COM 2018-02-24 03:55:18
The two fields are in bold and the final mv field is in italics.

I cannot seem to get the mv fields to concatenate in this way and was hoping I am just missing something. How would I go about this?
Thank you. -Peter

Edit
This works perfectly \/
eval ip_date=mvzip(address,date," ")


renjith_nair
Legend

Hi Peter,
Are those each events/rows? If they are two fields of the same row, then simple concatenation would work:

eval my_concatenated_field=address." ".date

If each row is a multi-value field, then you can combine them using mvzip(address,date," ")

---
What goes around comes around. If it helps, hit it with Karma 🙂


somesoni2
Revered Legend

They are multi-valued fields, so use eval-mvzip. (See @renjith.nair's comment for syntax OR this)
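
A run-anywhere search for the mvzip approach discussed above, added here as an example and not posted by anyone in the thread: it builds the two multivalue fields from the question's sample values, flags whether both fields hold the same number of values (mvzip pairs values by position, so a missed extraction in one field would shift every later pair), then zips them and expands to one row per pair. The `aligned` field name and the use of `makeresults` and `split` to construct the sample data are assumptions for illustration.

```spl
| makeresults
| eval address=split("1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4,0,FOO.BAR.COM", ",")
| eval date=split("2017-08-15 13:02:58,2018-01-04 22:32:39,2018-01-04 22:32:39,2018-02-24 03:55:18,2018-02-24 03:55:18,2018-02-24 03:55:18", ",")
| eval aligned=if(mvcount(address)==mvcount(date), "yes", "no")
| eval ip_date=mvzip(address, date, " ")
| mvexpand ip_date
| table ip_date aligned
```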
