Splunk Search

Merging two sets of multivalue data in an order without regex


I have a base search that was able to get me to this form in Splunk:

Name Value
A 1
B 2
C 3

I need to create a new key value pair that goes A = 1, B = 2, C = 3 and so forth. Is this possible without regex?

0 Karma

Revered Legend

Are you trying to convert rows into columns? See if this gets you what you need.

your current search giving fields Name Value
| eval temp=1 | xyseries temp Name Value
0 Karma


You want the mvzip function...

 | eval NameValue=mvzip(Name, Value, "=")


I have tried this. The issue is that the data will appear as this:

A = 1
B = 2
C = 3...

I can of course do an mvexpand, but I would like A, B, C to be the keys so that I can search easily, meaning I can do this:
| search A < 2 and so forth

0 Karma
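
Added example, not part of any post in this thread: a run-anywhere search that combines the two suggestions above, zipping the multivalue Name and Value fields, expanding the pairs, and pivoting them with xyseries so that A, B and C become searchable fields. The makeresults event and the pair field name are constructed for illustration, and it assumes a single source event.

```spl
| makeresults
| eval Name=split("A,B,C", ","), Value=split("1,2,3", ",")
| eval pair=mvzip(Name, Value, "=")
| mvexpand pair
| eval Name=mvindex(split(pair, "="), 0), Value=tonumber(mvindex(split(pair, "="), 1))
| eval temp=1
| xyseries temp Name Value
| where A < 2
```

No regex is involved: split and mvindex take the pairs apart again after mvexpand. With more than one source event, replace the constant temp with a per-event identifier so the pivot does not merge events.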