Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to multivalue field creation where I separate two lines?

venky1544
Builder
‎03-08-2022 08:42 AM

how can i create a multivalue field using makeresults command like

 

|makeresults |eval value_1= " one" 

"two"

there should be a new line between the two words 

Labels (1)
Labels
0 Karma
Reply

somesoni2
Revered Legend
‎03-08-2022 10:31 AM

Try something like these

| makeresults | eval value_1=split("one two"," ")
OR
| makeresults | eval value_1="one,two" | makemv value_1 delim=","
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-08-2022 08:52 AM

Use the split function.

| makeresults |eval value_1= " one" 
"two"
| eval value_1 = split(value_1, "
")

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...