Reference: https://docs.splunk.com/Documentation/Splunk/8.1.1/SearchReference/Mvcombine
The mvcombine command creates a multivalue version of the field you specify, as well as a single value version of the field. The multivalue version is displayed by default.
The single value version of the field is a flat string that is separated by a space or by the delimiter that you specify with the delim argument.
Try the searches below one by one to understand the difference:
1.
| makeresults count=10
| streamstats count
2.
| makeresults count=10
| streamstats count
| mvcombine delim="," count
3.
| makeresults count=10
| streamstats count
| mvcombine delim="," count
| nomv count
What goes around comes around. If it helps, hit it with Karma 🙂
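The searches above have only one group of rows. The following search is an added example, not part of the original post, and goes one step further to show that mvcombine merges only rows whose other fields are identical. The host names and src_ip values are constructed sample data, and _time is dropped so that it cannot influence the grouping.

```spl
| makeresults count=6
| streamstats count
| eval host=if(count<=3, "web01", "web02")
| eval src_ip="10.0.0." . count
| fields - _time count
| mvcombine delim="," src_ip
| nomv src_ip
```

This returns two rows, one per host: web01 with src_ip 10.0.0.1,10.0.0.2,10.0.0.3 and web02 with src_ip 10.0.0.4,10.0.0.5,10.0.0.6. Without the final nomv, src_ip is shown as a multivalue field and the delimiter is not visible.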
Great example, thanks!