Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

data extraction

Siddharthnegi
Contributor
‎09-01-2024 10:10 PM

hello  I am getting a field port in event .
ports="['22', '68', '6556']"
how can i display them in separate rows.

0 Karma
Reply

kiran_panchavat
Motivator
‎09-06-2024 07:46 AM

@Siddharthnegi You can use the mvexpand command in Splunk to separate the port numbers into individual rows. 

kiran_panchavat_1-1725633937731.png

 

If the above solution works, an upvote is appreciated !!

 
 

 

I hope this helps, if any reply helps you, you could add your upvote/karma points to that reply, thanks.
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-02-2024 12:05 AM 
| rex field=ports max_match=0 "(?<port>\d+)"
| mvexpand port
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...