Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

reformatting output in table

secure
Path Finder
‎03-20-2025 10:36 AM

Hi everyone

i have a dataset

| makeresults
| eval APP1="appdelta", hostname1= mvappend("syzhost.domain1","abchost.domain1","egfhost.domain1"),hostname2=mvappend("syzhost.domain1","abchost.domain1")
| fields - _time

secure_0-1742492148693.png

i want the final output to be like below 

APP1hostname1hostnames2
appdeltasyzhost.domain1syzhost.domain1
appdeltaabchost.domain1abchost.domain1
appdeltaegfhost.domain1 

 

any suggestions 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎03-24-2025 09:21 PM

You need to describe the logic from the input to the desired output.  There are at least two possible ways to match hostname1 and hostname2:

  1. Match by position.  This is the route @ITWhisperer takes.
  2. Match by hostname.

If the requirement is to match by name, this is one way to do it.

| foreach hostname1 hostname2
    [eval matchhost = if(isnull(matchhost) OR mvcount(<<FIELD>>) > mvcount(matchhost), <<FIELD>>, matchhost)]
| mvexpand matchhost
| foreach hostname1 hostname2
    [eval <<FIELD>> = mvindex(<<FIELD>>, mvfind(<<FIELD>>, matchhost))]
| fields - matchhost
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-20-2025 11:04 AM 
| eval row=mvrange(0,max(mvcount(hostname1), mvcount(hostname2)))
| mvexpand row
| eval hostname1=mvindex(hostname1,row)
| eval hostname2=mvindex(hostname2,row)
| fields - row
0 Karma
Reply
Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...