Solved: Split block of data into multiple rows

g_paternicola · ‎02-10-2022

Hello everyone

I'm trying to get a list of ip addresses from an internet page and put them after that into a lookup table. My issius is that I can't use mvexpand to put every ip addresses into a single row...

here my search:

| curl method=get uri=https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
| fields curl_message 
| rex field=curl_message mode=sed "s/.*#//g"
| rex field=curl_message mode=sed "s/DstIP//g"
| rex field=curl_message mode=sed "s/^\s+//g"

and as results I will get a big block of data in one single row. How can I split these in multiple rows?

Thank you all for the support.

VatsalJagani · ‎02-11-2022

| mvexpand curl_message

View solution in original post

VatsalJagani · ‎02-11-2022

| mvexpand curl_message

ITWhisperer · ‎02-10-2022

| stats count by curl_message

Split block of data into multiple rows

fields

lookup

regex

rex

subsearch

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Split block of data into multiple rows