Solved: Take the first value of each multivalue field

sbsbb · ‎05-21-2013

I have a big xml I wan't to make flat :

element1
...
subelement1
 subelement1.1
 subelement1.2
subelement2
 subelement2.1
 subelement2.2

If I make an spath, let say at subelement, I have all the subelements as multivalue.
With nomv, I'm able to convert mvfields into singlevalue, but the content contains all the values...
What I want, is having only the first value from the mvfields...

I have lot of them, so I don't wan't to make an spath, with a path for each...

kristian_kolb · ‎05-21-2013

... | eval my_number_1 = mvindex(my_multivalue_field, 0)

See more about the mv*() functions here;

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CommonEvalFunctions

/K

View solution in original post

kristian_kolb · ‎05-21-2013

... | eval my_number_1 = mvindex(my_multivalue_field, 0)

See more about the mv*() functions here;

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CommonEvalFunctions

/K

Take the first value of each multivalue field

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Take the first value of each multivalue field

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!