Solved: Re: How to Split rows into columns

vik · ‎03-09-2023

I am trying to split the values in both the columns and create 5 rows by assigning respective values. I need an output as below. Can someone suggest how can I achieve this ?

I tried mvexpand but it does not seem to help. Anything else we can try ?

field1 | field 2

-------------------------------

Name 1 | 10

-------------------------------

Name 2 | 12

Tom_Lundie · ‎03-09-2023

How about something like this?

| eval tmp_field = mvzip(field1, field2, "-|-")
| fields - field1, field2
| mvexpand tmp_field
| makemv delim="-|-" tmp_field
| eval field1 = mvindex(tmp_field, 0)
| eval field2 = mvindex(tmp_field, 1)
| fields - tmp_field

View solution in original post

Tom_Lundie · ‎03-09-2023

How about something like this?

| eval tmp_field = mvzip(field1, field2, "-|-")
| fields - field1, field2
| mvexpand tmp_field
| makemv delim="-|-" tmp_field
| eval field1 = mvindex(tmp_field, 0)
| eval field2 = mvindex(tmp_field, 1)
| fields - tmp_field

vik · ‎03-09-2023

Thanks a lot!

How to Split rows into columns

field extraction

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation