I have a multivalue field, which I would like to expand to individual fields, like so: | makeresults count=1
| eval a=mvappend("1","7")
| eval a_0=mvindex(a,0,0)
| eval a_1=mvindex(a,1...
...ariables. I need splunk to pull out the values of the variables i tell it to but grouped together. I tried breaking this up using MVexpand but when I do it groups up the names in one log and the r...
Hello I am a bit confused here but I have a search that runs and creates a multivalue field called "tags{}.name". This is a multivalue field pulled from JSON data. However when I then use the o...
Hello, I have table below I want to expand the ERRORS row without expanding names column names errors B 3 4 5 C 1 3 D 3 4 5 E 1 5 I want the o/p to be in t...
Hello, I am wondering what the best way to find a value in one my fields matches what is in a mv field. I cannot use mvexpand and a where due to the storage limit I encounter. Is there a way to s...
So I have a field named "domain" that has values of single domains (A, B, C) and combinations of domains with two different values.
A B C A/B A/C A, B C, D I can successfully split the value...
...o the line in "participants{}.role" and I would like named victims and offender fields. I dont understand how to use the mv commands to expand the data from two different fields and then c...
I got the output in the form of search is : stats values(status) by id.. Id status ID Status 1 Agreed N/A Negoiate 2 Agreed Submitted I want to get the values in...
...hose blocks, how do I combine them? With mvzip, I can combine two. This lets me parse out the specific value for another value.
FieldA FieldB FieldC
Q...
Hi, I am trying to report on access requests to actual logins. I have a list of events from our systems of when users have logged in: | table _time os host user clientName clientAddress signature ...