Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Simple way to turn multivalue field into a table?

alexander_lucas
Explorer
‎06-13-2012 07:36 PM

Is the a function that does this:

... | mvmap data (fname, lname, age, height) | table lname, age

(where data is a multivalue field)

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎06-13-2012 10:02 PM

No. You probably need something like:

... | fields lname age | eval z=mvzip(lname,age,":") | mvexpand z | eval z=split(z,":") | eval lname=mvindex(z,0) | eval age=mvindex(z,1) | fields - z

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎06-13-2012 10:02 PM

No. You probably need something like:

... | fields lname age | eval z=mvzip(lname,age,":") | mvexpand z | eval z=split(z,":") | eval lname=mvindex(z,0) | eval age=mvindex(z,1) | fields - z
Reply
Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...