Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How multivalue of field can be extracted in th...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Filesystem Type Size Used Avail UsePct MountedOn
/dev/mapper/rootvg-rootlv ext3 6.0G 4.3G 1.4G 77% /
/dev/sda1 ext3 194M 78M 107M 43% /boot
/dev/mapper/rootvg-home_lv ext3 2.0G 528M 1.4G 28% /local_home
/dev/mapper/rootvg-opt_lv ext3 6.0G 1.2G 4.5G 21% /opt
/dev/mapper/rootvg-tmp_lv ext3 2.0G 230M 1.7G 13% /tmp
/dev/mapper/rootvg-usr_lv ext3 2.0G 116M 1.8G 7% /usr/local
/dev/mapper/rootvg-var_lv ext3 4.0G 1.4G 2.4G 37% /var
/dev/mapper/rootvg-history_lv ext3 2.0G 68M 1.9G 4% /history_logs
/dev/mapper/rootvg-itm_lv ext3 3.0G 608M 2.3G 22% /opt/IBM/ITM
/dev/mapper/appvg-apps_lv ext3 32G 177M 30G 1% /apps
/dev/mapper/appvg-usr_apigee_lv ext3 197G 485M 187G 1% /usr/apigee
/dev/mapper/appvg-apilogs_lv ext3 20G 173M 19G 1% /apilogs
/dev/mapper/appvg-Introscope_lv ext3 3.0G 69M 2.8G 3% /Introscope
/dev/mapper/rootvg-venafi_lv ext4 976M 1.3M 924M 1% /venafi
/dev/mapper/appvg-opt_apigee_lv ext4 197G 8.9G 178G 5% /opt/apigee
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
| makeresults
| eval _raw="Filesystem,Type,Size,Used,Avail,UsePct,MountedOn
/dev/mapper/rootvg-rootlv,ext3,6.0G,4.3G,1.4G,77%,/
/dev/sda1,ext3,194M,78M,107M,43%,/boot
/dev/mapper/rootvg-home_lv,ext3,2.0G,528M,1.4G,28%,/local_home
/dev/mapper/rootvg-opt_lv,ext3,6.0G,1.2G,4.5G,21%,/opt
/dev/mapper/rootvg-tmp_lv,ext3,2.0G,230M,1.7G,13%,/tmp
/dev/mapper/rootvg-usr_lv,ext3,2.0G,116M,1.8G,7%,/usr/local
/dev/mapper/rootvg-var_lv,ext3,4.0G,1.4G,2.4G,37%,/var
/dev/mapper/rootvg-history_lv,ext3,2.0G,68M,1.9G,4%,/history_logs
/dev/mapper/rootvg-itm_lv,ext3,3.0G,608M,2.3G,22%,/opt/IBM/ITM
/dev/mapper/appvg-apps_lv,ext3,32G,177M,30G,1%,/apps
/dev/mapper/appvg-usr_apigee_lv,ext3,197G,485M,187G,1%,/usr/apigee
/dev/mapper/appvg-apilogs_lv,ext3,20G,173M,19G,1%,/apilogs
/dev/mapper/appvg-Introscope_lv,ext3,3.0G,69M,2.8G,3%,/Introscope
/dev/mapper/rootvg-venafi_lv,ext4,976M,1.3M,924M,1%,/venafi
/dev/mapper/appvg-opt_apigee_lv,ext4,197G,8.9G,178G,5%,/opt/apigee"
| multikv forceheader=1
| table Filesystem,Type,Size,Used,Avail,UsePct,MountedOn
Multiple values?
Do you mean you want to summarize by type?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is the whole point of multikv:
|makeresults | eval _raw="Filesystem Type Size Used Avail UsePct MountedOn
/dev/mapper/rootvg-rootlv ext3 6.0G 4.3G 1.4G 77% /
/dev/sda1 ext3 194M 78M 107M 43% /boot
/dev/mapper/rootvg-home_lv ext3 2.0G 528M 1.4G 28% /local_home
/dev/mapper/rootvg-opt_lv ext3 6.0G 1.2G 4.5G 21% /opt
/dev/mapper/rootvg-tmp_lv ext3 2.0G 230M 1.7G 13% /tmp
/dev/mapper/rootvg-usr_lv ext3 2.0G 116M 1.8G 7% /usr/local
/dev/mapper/rootvg-var_lv ext3 4.0G 1.4G 2.4G 37% /var
/dev/mapper/rootvg-history_lv ext3 2.0G 68M 1.9G 4% /history_logs
/dev/mapper/rootvg-itm_lv ext3 3.0G 608M 2.3G 22% /opt/IBM/ITM
/dev/mapper/appvg-apps_lv ext3 32G 177M 30G 1% /apps
/dev/mapper/appvg-usr_apigee_lv ext3 197G 485M 187G 1% /usr/apigee
/dev/mapper/appvg-apilogs_lv ext3 20G 173M 19G 1% /apilogs
/dev/mapper/appvg-Introscope_lv ext3 3.0G 69M 2.8G 3% /Introscope
/dev/mapper/rootvg-venafi_lv ext4 976M 1.3M 924M 1% /venafi
/dev/mapper/appvg-opt_apigee_lv ext4 197G 8.9G 178G 5% /opt/apigee"
| multikv forceheader=1 copyattrs=t
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
| makeresults
| eval _raw="Filesystem,Type,Size,Used,Avail,UsePct,MountedOn
/dev/mapper/rootvg-rootlv,ext3,6.0G,4.3G,1.4G,77%,/
/dev/sda1,ext3,194M,78M,107M,43%,/boot
/dev/mapper/rootvg-home_lv,ext3,2.0G,528M,1.4G,28%,/local_home
/dev/mapper/rootvg-opt_lv,ext3,6.0G,1.2G,4.5G,21%,/opt
/dev/mapper/rootvg-tmp_lv,ext3,2.0G,230M,1.7G,13%,/tmp
/dev/mapper/rootvg-usr_lv,ext3,2.0G,116M,1.8G,7%,/usr/local
/dev/mapper/rootvg-var_lv,ext3,4.0G,1.4G,2.4G,37%,/var
/dev/mapper/rootvg-history_lv,ext3,2.0G,68M,1.9G,4%,/history_logs
/dev/mapper/rootvg-itm_lv,ext3,3.0G,608M,2.3G,22%,/opt/IBM/ITM
/dev/mapper/appvg-apps_lv,ext3,32G,177M,30G,1%,/apps
/dev/mapper/appvg-usr_apigee_lv,ext3,197G,485M,187G,1%,/usr/apigee
/dev/mapper/appvg-apilogs_lv,ext3,20G,173M,19G,1%,/apilogs
/dev/mapper/appvg-Introscope_lv,ext3,3.0G,69M,2.8G,3%,/Introscope
/dev/mapper/rootvg-venafi_lv,ext4,976M,1.3M,924M,1%,/venafi
/dev/mapper/appvg-opt_apigee_lv,ext4,197G,8.9G,178G,5%,/opt/apigee"
| multikv forceheader=1
| table Filesystem,Type,Size,Used,Avail,UsePct,MountedOn
Multiple values?
Do you mean you want to summarize by type?
Splunk Observability for AI
Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...
Splunk Observability as Code: From Zero to Dashboard
