Solved: How to merge 6 fields into one field, but still re...

mansel_scheffel · ‎05-10-2016

Hi,

I have 6 fields A B C D E F - Each have multiple unique numerical values.. I need to merge these unique numerical values into one new field.. basically to make it seem as if the 6 fields don't exist and only the one field containing all the numerical values the six fields have individually.. I then want to display the top 10 values of this newly created single field.

Any thoughts?

Thanks!

somesoni2 · ‎05-10-2016

Give this a try

your base search | eval commonfield=fieldA." ".fieldB." ".fieldC." ".fieldD." ".fieldE." ".fieldF." " | makemv commonfield | top commonfield showperc=f

View solution in original post

somesoni2 · ‎05-10-2016

Give this a try

your base search | eval commonfield=fieldA." ".fieldB." ".fieldC." ".fieldD." ".fieldE." ".fieldF." " | makemv commonfield | top commonfield showperc=f

mansel_scheffel · ‎05-10-2016

Thanks for the help!

How to merge 6 fields into one field, but still return unique values?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

How to merge 6 fields into one field, but still return unique values?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...