Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About Yossarian622
Yossarian622
Engager
Member since:
02-15-2023
09-11-2024
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 02-15-2023 |
Activity Feed
- Posted Re: Explode line into multiple lines on Splunk Search. 09-11-2024 02:23 PM
- Posted Explode line into multiple lines on Splunk Search. 09-11-2024 01:16 PM
- Posted Re: How to achieve field with a value containing commas? on Splunk Search. 02-16-2023 09:13 AM
- Posted Re: How to achieve field with a value containing commas? on Splunk Search. 02-16-2023 08:40 AM
- Posted Re: How to achieve field with a value containing commas? on Splunk Search. 02-15-2023 01:51 PM
- Posted How to achieve field with a value containing commas? on Splunk Search. 02-15-2023 12:47 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
09-11-2024
02:23 PM
Yes! a combination of makemv delim="," views and mvexpand views got me what I was looking for. thanks!
... View more
09-11-2024
01:16 PM
Howto to explode 1 row to several breaking out a multi-value field. app=ABC client=AA views=View1,View2 app=ABC client=AA views=View1,View2,View3 app=ABC client=BB views=View1,View3 app=ABC client=CC views=View3,View2,View1 I want to table that to column data: app client view ABC AA View1 ABC AA View2 ABC AA View1 ABC AA View2 ABC AA View3 ABC BB View1 ABC BB View3 ABC CC View3 ABC CC View2 ABC CC View1 So that I can run count on that resultant rows app client view count ABC AA View1 2 ABC AA View2 2 ABC AA View3 1 ABC BB View1 1 ABC BB View3 1 ABC CC View3 1 ABC CC View2 1 ABC CC View1 1
... View more
Labels
- Labels:
-
count
02-16-2023
09:13 AM
sorry but I am still only getting the first value before the first comma do I need to do a re eval should I be using mvindex in some form?
... View more
02-16-2023
08:40 AM
sorry but I am still only getting the first value before the comma/hyphen. do I need to re eval the whole line?
... View more
02-15-2023
01:51 PM
I added: | kv pairdelim="|" but stats is still only showing me the first value before the comma or - if i keep the rex mode=sed field=_raw "s/,/-/g"
... View more
02-15-2023
12:47 PM
Unfortunately I have no control over the log data formatting...
it is in format: Field1=Value1|Field2=Value2| ... |Criteria=one,two,three,99.0|...
I have one field, Criteria, that has many values with embedded commas.
Splunk search only give me the first value... I want all values treated as one in a stats count by
I tried below to rewrite them, and do see the changes, but stats still getting only first value.
index=myidx Msg=mymsg | rex mode=sed field=_raw "s/,/-/g" | bucket span=1d _time as ts | eval ts=strftime(ts,"%Y-%m-%d") | stats count by ts Criteria
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-11-2024
05:44 PM
|
