How to graph a field with a string of multiple com...

npestana88 · ‎04-15-2015

My database consists of many different source files, each associated with a different test, and each has different field values to represent different variables in the test (temperature, size, date, ect.) along with two fields that are a long test string of comma separated values (e.g. vpp 2,4,3,2,5.3,2.4...). What I would like to do is search for one or more of the variables, identify the source, and then plot the values represented by the comma separated values string. Is there a way to do this within splunk or do I have to use an external perl or python script?

stephane_cyrill · ‎04-15-2015

Hi npestana88,
to be able to use the multivalue separated by comma, you have to first expand the field.

to expand a field like vpp for exemple:

.......|makemv delim="," vpp |mvexpand vpp |table vpp

Now that your field is expand, you can plot them as you desire

How to graph a field with a string of multiple comma separated values?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

How to graph a field with a string of multiple comma separated values?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >