- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
I have few results which look like below in a table command. They are the values which are extracted from the xml data (using rex and mv_add) which has multiple matches in a single event.
name number id emplid
1
aaa 123 897hjhuih 908908
bbb 234 hkhkjh 8nknkjn
2
ahkjhkj 12453 897hj545huih 9089fgfg08
bbjdkljsb 23544 hkhk5454jh 8nknkjn54353
I want to split them to separate rows in table so that it considers the results separate while exporting to a csv.
name number id emplid
1 aaa 123 897hjhuih 908908
2 bbb 234 hkhkjh 8nknkjn
3 ahkjhkj 12453 897hj545huih 9089fgfg08
4 bbjdkljsb 23544 hkhk5454jh 8nknkjn54353
I tried mvexpand and xmlkv but they dont work. Any idea on how to achieve this? How did you approach it when you faced this issue
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Got it to work. Used this http://answers.splunk.com/answers/123887/how-to-expand-multiple-multivalue-fields as an idea on how to solve this issue. Works beautifully.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Got it to work. Used this http://answers.splunk.com/answers/123887/how-to-expand-multiple-multivalue-fields as an idea on how to solve this issue. Works beautifully.
