Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Split block of data into multiple rows

g_paternicola
Path Finder
‎02-10-2022 01:49 AM

Hello everyone

I'm trying to get a list of ip addresses from an internet page and put them after that into a lookup table. My issius is that I can't use mvexpand to put every ip addresses into a single row...

here my search:

| curl method=get uri=https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
| fields curl_message 
| rex field=curl_message mode=sed "s/.*#//g"
| rex field=curl_message mode=sed "s/DstIP//g"
| rex field=curl_message mode=sed "s/^\s+//g"

and as results I will get a big block of data in one single row. How can I split these in multiple rows?

g_paternicola_0-1644486533083.png

 

Thank you all for the support.

Labels (5)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VatsalJagani
Champion
‎02-11-2022 12:30 AM 
| mvexpand curl_message

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

VatsalJagani
Champion
‎02-11-2022 12:30 AM 
| mvexpand curl_message
0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-10-2022 03:00 AM 
| stats count by curl_message
0 Karma
Reply
Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...