Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to split results which are combined in a table and export to a csv?

theouhuios
Motivator
‎09-03-2014 11:40 AM

Hello

I have few results which look like below in a table command. They are the values which are extracted from the xml data (using rex and mv_add) which has multiple matches in a single event.

    name   number id        emplid
 1  
    aaa    123  897hjhuih   908908 
    bbb    234  hkhkjh      8nknkjn

2
    ahkjhkj      12453  897hj545huih    9089fgfg08 
    bbjdkljsb    23544  hkhk5454jh      8nknkjn54353

I want to split them to separate rows in table so that it considers the results separate while exporting to a csv.

  name        number  id             emplid
1 aaa         123     897hjhuih      908908
2 bbb         234     hkhkjh         8nknkjn
3 ahkjhkj     12453   897hj545huih   9089fgfg08
4 bbjdkljsb   23544   hkhk5454jh     8nknkjn54353

I tried mvexpand and xmlkv but they dont work. Any idea on how to achieve this? How did you approach it when you faced this issue

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

theouhuios
Motivator
‎09-04-2014 04:52 AM

Got it to work. Used this http://answers.splunk.com/answers/123887/how-to-expand-multiple-multivalue-fields as an idea on how to solve this issue. Works beautifully.

View solution in original post

Reply
Solved! Jump to solution
Solution

theouhuios
Motivator
‎09-04-2014 04:52 AM

Got it to work. Used this http://answers.splunk.com/answers/123887/how-to-expand-multiple-multivalue-fields as an idea on how to solve this issue. Works beautifully.

Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...