cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
NicholasC
Explorer
Member since: ‎01-30-2012
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 3
Member Since ‎01-30-2012
Activity Feed
Topics I've Started
View All

Re: Formatting in CSV when using Stats

by in Splunk Search
‎02-03-2012 03:51 PM
‎02-03-2012 03:51 PM
The solution I ended up going with is to just copy and paste the data out of the web UI. If I have the results emailed from a scheduled search, the body of the email looks to be formatted correctly but this is due to the column widths forcing the values to wrap to a new line. Even in the email they are separated by a space and not a return. ... View more

Re: Formatting in CSV when using Stats

by in Splunk Search
‎01-31-2012 10:40 AM
‎01-31-2012 10:40 AM
I updated the original question to help clarify and provide more exacting examples. The primary reason I went with stats and used values was to be able to group data then report out the values I wanted in a grouped format. ... View more

Formatting in CSV when using Stats

by in Splunk Search
‎01-30-2012 04:16 PM
3 Karma
‎01-30-2012 04:16 PM
3 Karma
I'm using stats to group sets of data by IP C blocks. When I export the data I am looking for( in this case multiple user ID's per C) is formatted by a space per unique user id rather than a carriage return. When viewing the results prior to export in the web client the returned values are returned one per line, however when exporting its all values on one line separated by a space. Is there any way to separate values with a return rathern than a space? IE i see the following in the web client: values(UserId) ### ### ### ### however when exported into a csv i see(when opening with excel) values(UserId) ### ### ### ### I would prefer to have one result per line else i will need to post process the results and replace the spaces with returns. Edit for clarification: I am using quite a few additional columns in the CSV export, multiple values can occur in each additional column and ideally each event would display the corresponding values for each column. The results i get back look like (only using the first 6 due to formatting constraints) the following except every unique value for each Cblock is listed one after another on the same line, eg multiple email addresses and userid's per line separated by a space: Cblock values(UserId) values(Email) values(SignupIP) Values(IPCountry) values( PreferredCulture) 1.2.3 #### ####... people@fqd.com... 1.2.3.4 1.2.3.5... US en-us What i would hope to get back is: Cblock values(UserId) values(Email) values(SignupIP) Values(IPCountry) values( PreferredCulture) 1.2.3 #### people@fqd.com 1.2.3.4 US en-us 1.2.3 #### people1@fqd.com 1.2.3.5 US en-us 1.2.3 #### people4@fqd.com 1.2.3.7 US en-us 1.6.4 #### man@fqd1.com 1.6.4.2 PK en-us 1.6.4 #### bear@fqd1.com 1.6.4.6 PK en-us 1.6.4 #### dog@fqd1.com 1.6.4.8 PK en-us Sample of the log i am working with: 2012-01-31 09:58:00,112 Log="foo" SignupFeature = BAR Message = Welcome Email sent UserId = #### Email = people@domain.com FLName = "firstname.lastname" SignupIP = ###.###.###.### IPCountry = US PreferredCulture = en-us Referer = https://domain.com And the search i'm using to pull the data out (additional values are used but are removed for the example) SignupFeature="BAR" | rex field=SignupIP "(?<Cblock>\d+\.\d+\.\d+)" | stats values(UserId) values(Email) values(SignupIP) values(IPCountry) values(PreferredCulture) values(Referer) count(Cblock) AS Blocks BY Cblock | where Blocks>=2 The overall basic idea is to to group events by /24, gather all fields for all grouped events and export the matching grouped events with all fields in a format that lists one event per line Lastly here is a sample of the formatted results i am seeing in the web client. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All