I've got a bit of a weird situation and I don't have the Splunk technical know-how to fix it myself, so I thought I'd put it here and see if someone else has a solution. I'm using a search

| inputlookup CISOVRMTier0Unixweekly.csv
| search pluginName IN ("*Java*" "*java*") NOT pluginID IN (83186 83186 87011 87171 87312 90709 92606 94511 96610 96803 138506 139583 140504)
| rex field=pluginText "remote host :[\r\n][\r\n](?<pluginText1>[\w\W]*)"
| rex field=pluginText "Remote package installed : (?<RHEL>.+)" max_match=0
| makemv delim="

" pluginText1
| mvexpand pluginText1
| rex field=pluginText1 "Path : (?<Path>.+)" max_match=0
| rex field=pluginText1 "Installed version : (?<Installed>.+)" max_match=0
| fillnull value=NULL Path
| eval Installed=case(Path="NULL",RHEL, 1=1, Installed)
| mvexpand Path
| eval patchPubDate=strptime(patchPubDate, "%m/%d/%Y")
| stats min(patchPubDate) as patchPubDate last(dnsName) as dnsName last(netbiosName) as netbiosName max(vprScore) as vprScore values(Name) as Name values(macAddress) as macAddress values(EIR) as EIR values(Acronym) as Acronym values(Environment) as Environment values(CMDB-OS) as CMDB-OS values(PortfolioMgr) as PortfolioMgr values(ProgMgr) as ProgMgr values(SCMgr) as SCMgr values(SCBPL) as SCBPL values(ISSO) as ISSO values(CMDB_Name) as CMDB_Name values(HostName) as HostName by Path Installed ip operatingSystem
| eval patchPubDate=strftime(patchPubDate, "%x")
| table CMDB_Name HostName ip Path Installed operatingSystem vprScore patchPubDate Name dnsName macAddress EIR Acronym Environment CMDB-OS PortfolioMgr ProgMgr SCMgr SCBPL ISSO

Which works great, but I don't like the part that reads:

| makemv delim="

" pluginText1


Which exists to represent two carriage returns, but I don't know what I could do to replace it. I've tried variations of [\r\n] and they don't seem to work, and I don't know what I'm doing wrong. Can someone offer me some suggestions or ideas?