Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I refer to the first, nth or last value of a multivalue field?

cfrln
Explorer
‎01-29-2010 08:08 PM

I am using the transaction command to sessionize web access log events and therefore have made referer, uri etc. into multivalue fields. How do I report on the first value of referer? The second page visited? The exit page?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎01-29-2010 08:18 PM

You can use the mvindex eval function that's described in: http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/CommonEvalFunctions

As an example: ... | eval second_uri = mvindex(uri, 1) | ...

View solution in original post

Reply
Solved! Jump to solution
Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎01-29-2010 08:18 PM

You can use the mvindex eval function that's described in: http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/CommonEvalFunctions

As an example: ... | eval second_uri = mvindex(uri, 1) | ...

Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎02-01-2010 08:29 AM

hulahoop, the field value ordering is controlled by the "mvlist" parameter of the "transaction" command: http://www.splunk.com/base/Documentation/latest/SearchReference/Transaction

Reply
Solved! Jump to solution

hulahoop
Splunk Employee
Splunk Employee
‎01-29-2010 08:46 PM

Very cool! Are mv fields sorted by time in a transaction?

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...