Solved: How to use delim with stats?

adityainamdar89 · ‎06-30-2014

How to use delim with stats? Multivalued fields generated after using list() in stats is resulting in space-separated values to be emailed to me in a scheduled search rather than them appearing on a new line. Will delim be helpful? If not, is there any other way?

adityainamdar89 · ‎07-01-2014

I found this solution to my problem:

| stats delim=":" list(XYZ) as XYZ BY CRITERIA
| rex mode=sed field=XYZ "s/:/\n/g"

This gives you the results on new lines in the table emailed from splunk.

View solution in original post

adityainamdar89 · ‎07-01-2014

Thanks..I figured out the solution 🙂

adityainamdar89 · ‎07-01-2014

I found this solution to my problem:

| stats delim=":" list(XYZ) as XYZ BY CRITERIA
| rex mode=sed field=XYZ "s/:/\n/g"

This gives you the results on new lines in the table emailed from splunk.

View solution in original post

ppablo · ‎07-01-2014

Glad you found a solution @adityainamdar89 🙂 Be sure to accept your answer (clicking on the check mark to the left of this answer) so other users with similar issues will look to this post for help. You also get some karma points too!

martin_mueller · ‎07-01-2014

You can for example set delim=";" and your values will be separated by a semicolon... however, I haven't gotten a newline to work.

How to use delim with stats?

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >