Solved: Re: Events containing multiple results when import...

kgiri253 · ‎09-08-2022

As we can see below the two events contain multiple results. But when I try to export it as csv all these events get merged into a single row one after the other.

Currently merged output in for one event ---> result1 result2 result3 result4

But I want the data to be exported in csv as it is (i.e all the results in different rows)

yuanliu · ‎09-09-2022

Oh, I took shortcut with Splunk's autoformating. Just remove leading space after newline.

| foreach *
    [ eval <<FIELD>> = mvjoin(<<FIELD>>, "
") ]

(Autoformating is a great assistant but...)

View solution in original post

yuanliu · ‎09-09-2022

If line break is the only thing that matters, you can use this crude method

| foreach *
    [ eval <<FIELD>> = mvjoin(<<FIELD>>, "
    ") ]

BTW, your subject line says "imported" as opposed to "exported".

kgiri253 · ‎09-09-2022

@yuanliuthanks for your help, it worked but now only the first result is correctly aligned, rest of the results can be seen with extra space. Please refer to the image below.

Thanks for correcting the import -> export error

yuanliu · ‎09-09-2022

Oh, I took shortcut with Splunk's autoformating. Just remove leading space after newline.

| foreach *
    [ eval <<FIELD>> = mvjoin(<<FIELD>>, "
") ]

(Autoformating is a great assistant but...)

Why are events containing multiple results when exported as csv getting merged in single row one after the other?

other

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!