Solved: How to merge 6 fields into one field, but still re...

mansel_scheffel · ‎05-10-2016

Hi,

I have 6 fields A B C D E F - Each have multiple unique numerical values.. I need to merge these unique numerical values into one new field.. basically to make it seem as if the 6 fields don't exist and only the one field containing all the numerical values the six fields have individually.. I then want to display the top 10 values of this newly created single field.

Any thoughts?

Thanks!

somesoni2 · ‎05-10-2016

Give this a try

your base search | eval commonfield=fieldA." ".fieldB." ".fieldC." ".fieldD." ".fieldE." ".fieldF." " | makemv commonfield | top commonfield showperc=f

View solution in original post

somesoni2 · ‎05-10-2016

Give this a try

your base search | eval commonfield=fieldA." ".fieldB." ".fieldC." ".fieldD." ".fieldE." ".fieldF." " | makemv commonfield | top commonfield showperc=f

mansel_scheffel · ‎05-10-2016

Thanks for the help!

How to merge 6 fields into one field, but still return unique values?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

How to merge 6 fields into one field, but still return unique values?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits