Use makemv on all fields

I have quite a bit of single-value fields in my dataset which really should be multi-value fields. They are all formatted like this: field_name="field_val1\nfield_val2\nfield_val3\n ... field_valn" It looks like multiple different values for `field_name` have been crammed into a single value, wherein different strings (that really represent different values) are separated by newlines. I'd like to write a query to detect ALL of the fields whose value look like `field_name`'s value and convert each of these fields to multi-value fields. So far, I have figured out how to convert one single-value field with newlines into a multi-value field using the following spl query: index="my_data" | eval multi_field_name=field_name| rex mode=sed field=“multi_field_name" "s/\n/|/g" | makemv multi_field_name delim=“|” This query first copies over the value in `field_name` to `multi_field_name`, then replaces all the newlines in `multi_field_name` with `|` and finally converts `multi_field_name` into a true splunk multi-value field by breaking values up using the delimiter `|`. I want to write a similar query, but instead of passing a specific field to `rex`, I want to pass ALL fields to `rex`, so that every instance of a newline in my dataset can be replaced by a `|`. Then I want to use `makemv` on ALL fields with the delimiter `|`, to convert any single-value field with values delimited my newlines to a true multi-value field (as it should be). ____________________________________________________________________________ If this is not possible, then I'd like to try to at least write a query to return all the fields whose values have newlines in them, so I can get a sense of how many fields need to be changed. The following query is close to working (i think), but I haven't quite gotten it to work yet and I don't know what could possibly be wrong with it: index="my_data" | fieldsummary | eval fieldType=if(match(values,"\n"),"Multi","Single") | where fieldType="Multi" If anyone could help me with either of these queries, I'd be very appreciative :) Thanks!

Use makemv on all fields

Trending Articles

Moondru Mudichu 29-01-2016 – Polimer tv Serial

Trainee doctor 'invited himself' to woman's home and began affair, tribunal...

DivineBitches--DiB-35420 Bella Rossi and Rob Yaeger Hi

Black Angus Grilled Artichokes

Paedophile jailed for ten years

16 Girls Get Pregnant After A Boy Ejaculated In A Swimming Pool

Reverend Holmes Williams passes away

Panty fight

Navneet Singh Tuli attempts suicide

The Unlikely Best Friends Extra Questions Answer Class 6 English Poorvi

Jailed rapist claimed the 10-year-old girls he abused 'wrecked his life'

Msaada matokeo ya NECTA form four 1999

Transformation of Sentence for HSC Students

A critical system process, C:\Windows\system32\lsass.exe, failed with status...

Sarah Samis, Emil Bove III

GS-1 / EAN 128 barcode in Smartforms

Premier League 2023-2024 Font (OTF & Vector)

Solved CBSE Sample Papers for Class 9 English Set 1

AP Inter 1st / 2nd Year Hall Tickets Download 2019

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise