Solved: How to merge 6 fields into one field, but still re...

mansel_scheffel · ‎05-10-2016

Hi,

I have 6 fields A B C D E F - Each have multiple unique numerical values.. I need to merge these unique numerical values into one new field.. basically to make it seem as if the 6 fields don't exist and only the one field containing all the numerical values the six fields have individually.. I then want to display the top 10 values of this newly created single field.

Any thoughts?

Thanks!

somesoni2 · ‎05-10-2016

Give this a try

your base search | eval commonfield=fieldA." ".fieldB." ".fieldC." ".fieldD." ".fieldE." ".fieldF." " | makemv commonfield | top commonfield showperc=f

View solution in original post

somesoni2 · ‎05-10-2016

Give this a try

your base search | eval commonfield=fieldA." ".fieldB." ".fieldC." ".fieldD." ".fieldE." ".fieldF." " | makemv commonfield | top commonfield showperc=f

mansel_scheffel · ‎05-10-2016

Thanks for the help!

How to merge 6 fields into one field, but still return unique values?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

Are you a member of the Splunk Community?

How to merge 6 fields into one field, but still return unique values?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!