Hey guys,
thanks for taking time out of your day. I'm relatively new to Splunk and just need help with formatting some output from a search. Essentially, this is what I have:
source=sourcetype | fieldA=*, fieldB=* | table _time, fieldA, fieldB | sort fieldA => that outputs this:
_time | fieldA | fieldB
datetime | JohnDoe | 123456
datetime | JohnDoe | 7890
I'd like it to output:
_time | fieldA | fieldB
datetime | JohnDoe | 123456, 7890
I'm just having some trouble with the syntax. Thanks again for your time!
... View more