Splunk Search

How to create a field with selected values of the same field

umsundar2015
Path Finder

Hi ,

I have OS field which has many rows .In that i need to filter only the below values and create a field ,
Windows Server 2012 R2 Standard
Windows 7
Windows Server 2012
Windows 7 Enterprise
Windows 10
Microsoft Windows Server 2008 R2 Standard
Microsoft Windows Server 2008 R2 Enterprise
Microsoft Windows 2008 Server Standard
Windows 8
Windows 10 Enterprise

When i use match function like ,
eval OS=mvfilter(match(OS,"Windows Server 2012 R2 Standard") OR match(OS,"Windows Server 2012") OR match(OS,"Windows 7")) |stats count by OS

I am getting other values "Windows 7 embedded " also which i dont need in the list of values.

Please help to filter the exact values which i needed above.

Thanks .

0 Karma

vik_splunk
Communicator

Hi @umsundar2015

A few different ways to do this.

1)Using replace : If your "other" options are limited, you could do something like below

|replace "Windows 7 embedded" WITH "Windows 7" IN OS (You can use wild characters and multiple values to replace in one single command.

Reference here : http://docs.splunk.com/Documentation/Splunk/7.2.1/SearchReference/Replace

2)Using eval case : Spinning up an example without sample data is going to be difficult but a sample query will look like

|eval OS=case(match(OS,"Windows 7 embedded"),"Windows 7,..... series of such match functions(or can use simple OS==),finally a default match)

Reference here: http://docs.splunk.com/Documentation/Splunk/7.2.1/SearchReference/ConditionalFunctions

Hope that helps!

0 Karma

vik_splunk
Communicator

If this answerd your question @umsundar2015, please mark it as closed/upvote.

0 Karma
Get Updates on the Splunk Community!

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...