Values function separator

ERICKWONG · ‎09-10-2013

My query is the following
index="_internal" | table host | stats values(host)

output:

values(host)

host1

host2

I want the output is the following

output:

values(host)

host1,

host2

Is there any method to do ?

ERICKWONG · ‎09-10-2013

Is there any method to add a line break between?
Not only a comma.

output:
host1,
host2,
host3

ERICKWONG · ‎09-10-2013

index=_internal | stats values(host) as somename | eval somename=mvjoin(somename,",")

It works@@, Thx~

Ayn · ‎09-10-2013

So, you want to have one row of comma-separated values instead of separate ones? If so, you could do

index=_internal | stats values(host) as somename | eval somename=mvjoin(somename,",")

ERICKWONG · ‎09-10-2013

I want to add a "comma" in my result

host1,host2

Is there any function to do?

ERICKWONG · ‎09-10-2013

I want to add a "comma" in my result

host1,host2

Ayn · ‎09-10-2013

The first row is a header row so it'd be misleading to put an actual field value there. You can rename the text in the header if you want:

index=_internal | stats values(host) as someothername

(I removed the table command in your search because you don't need it)

Are you a member of the Splunk Community?