Splunk Search

How to create an array of values from a field?

naveenurs
Explorer

Hello,

I am trying to parse a field like the one below into an array of Key/Value pairs and access each array value separately

uatoken:
Macintosh; Intel Mac OS X 10_7_5
Windows NT 6.2; WOW64; rv:22.0
compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0; ARM; Touch; WPDesktop
compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0
Android; Mobile; rv:22.0
Macintosh; Intel Mac OS X 10_7_5
compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Linux; U; Android 4.0.3; en-us; HTC_X515C Build/IML74K
compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0
compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0
Windows NT 6.1; chromeframe/28.0.1500.72
Macintosh; Intel Mac OS X 10_8_4
compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0

The end result that I am looking for is
uatoken[0] OR uatoken0=compatible
uatoken[1] OR uatoken1=MSIE 10.0
uatoken[2] OR uatoken2=Windows NT 6.1
uatoken[3] OR uatoken3=Trident/6.0

How can I achieve this in Splunk?

Thanks in advance!!!

Tags (3)
0 Karma

naveenurs
Explorer

I was able to accomplish what I was looking for.

eventtype=video|eval uatokentmp=split(uatoken,";")|eval uatoken0=mvindex(uatokentmp,0)|eval uatoken1=mvindex(uatokentmp,1)|eval uatoken2=mvindex(uatokentmp,2)|eval uatoken3=mvindex(uatokentmp,3)|eval uatoken4=mvindex(uatokentmp,4)| eval uatoken5=mvindex(uatokentmp,5)|table uatoken0 uatoken1 uatoken2 uatoken3 uatoken4 uatoken5

Is there a better / more efficient way than this to accomplish this?

l0pher
Explorer

Thanks! mvindex is the function I was looking for.

0 Karma
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...