Splunk Search

newline in Splunk query

v709587
Explorer

Hi,

Please help me with a newline command in Splunk query

Tags (1)
0 Karma
1 Solution

harishalipaka
Motivator

[Updated]

hi @v709587 try this below query

|makeresults |eval IMSI1="This is Splunk Dashboard. The list of hosts are as shown."   | makemv delim="." IMSI1 | mvexpand IMSI1 |table IMSI1

if you want to add new row try append, appendpipe

if you want to add new column try appendcols

Thanks
Harish

View solution in original post

0 Karma

harishalipaka
Motivator

[Updated]

hi @v709587 try this below query

|makeresults |eval IMSI1="This is Splunk Dashboard. The list of hosts are as shown."   | makemv delim="." IMSI1 | mvexpand IMSI1 |table IMSI1

if you want to add new row try append, appendpipe

if you want to add new column try appendcols

Thanks
Harish
0 Karma

v709587
Explorer

This works !!!. Thank You

0 Karma

v709587
Explorer

However,
"eval Impact=Column3.Column1" displays "Column1" and "Column3" as result and not the value of those parameters. Please help.

This is my query
|inputlookup file.csv | where Column1="$Column1$" and Column2="$Column2$" | return $Column3 | eval Impact=Column3.Column1 | makemv delim="." Impact | mvexpand Impact | table Impact

0 Karma

v709587
Explorer

$Column1
$Column1$
"$Column1"
"$Column$"

None of the above work.

0 Karma

vnravikumar
Champion

Hi
Can you give more information, what you are really expecting?

0 Karma

v709587
Explorer

eg: "This is Splunk Dashboard. The list of hosts are as shown."

I want to display these 2 lines in 2 different lines within same row, same panel.

0 Karma

vnravikumar
Champion

To understand more clearly, whether it is possible to give mock screenshot.

0 Karma

v709587
Explorer

Thanks Ravi for your help

0 Karma
Get Updates on the Splunk Community!

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...

What's New in Splunk Cloud Platform 9.2.2406?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many ...

Enterprise Security Content Update (ESCU) | New Releases

In August, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...