My query is the following index="_internal" | table host | stats values(host)
output: values(host) host1 host2
I want the output is the following
output: values(host) host1, host2
Is there any method to do ?
Is there any method to add a line break between? Not only a comma.
output: host1, host2, host3
index=_internal | stats values(host) as somename | eval somename=mvjoin(somename,",")
It works@@, Thx~
So, you want to have one row of comma-separated values instead of separate ones? If so, you could do
I want to add a "comma" in my result
host1,host2
Is there any function to do?
The first row is a header row so it'd be misleading to put an actual field value there. You can rename the text in the header if you want:
index=_internal | stats values(host) as someothername
(I removed the table command in your search because you don't need it)
