I have base search that was able to get me to this form in Splunk:
Name Value A 1 B 2 C 3
I need to create a new key value pair that goes A = 1, B = 2, C = 3 and so forth. Is this possible without regex?
Are you trying to convert rows into columns? See this gets you what you need.
your current search giving fields Name Value | eval temp=1 | xyseries temp Name Value
You want the mvzip function...
mvzip
| eval NameValue=mvzip(Name, value,"=")
I have tried this. The issue is that the data will appear as this:
NameValue A = 1 B = 2 C = 3...
I can of course do a mvexpand but I will like A,B,C to be the key for me to search easily meaning I can do this: | search A < 2 and so forth
