Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to graph a field with a string of multiple comma separated values?

npestana88
New Member
‎04-15-2015 12:46 PM

My database consists of many different source files, each associated with a different test, and each has different field values to represent different variables in the test (temperature, size, date, ect.) along with two fields that are a long test string of comma separated values (e.g. vpp 2,4,3,2,5.3,2.4...). What I would like to do is search for one or more of the variables, identify the source, and then plot the values represented by the comma separated values string. Is there a way to do this within splunk or do I have to use an external perl or python script?

Tags (3)
0 Karma
Reply

stephane_cyrill
Builder
‎04-15-2015 04:10 PM

Hi npestana88,
to be able to use the multivalue separated by comma, you have to first expand the field.

to expand a field like vpp for exemple:

.......|makemv delim="," vpp |mvexpand vpp |table vpp

Now that your field is expand, you can plot them as you desire

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...