I am VERY new to Splunk so please bear with me. I have a search:
index=vulnerability "list of packages installed on the remote" myserver.com | rex field=output "\n{1,3}\s{2,4}(?<ProgramNameOutput>[^|]+)" max_match=5000 | table ProgramNameOutput
Which produces the following fictional output:
See if the mvfilter function helps.
index=vulnerability "list of packages installed on the remote" myserver.com
| rex field=output "\n{1,3}\s{2,4}(?<ProgramNameOutput>[^|]+)" max_match=5000
| eval ProgramNameOutput = mvfilter(match(ProgramNameOutput, "libvirt"))
| table ProgramNameOutput
Well that did the trick Rich! Thank you...