Quantcast
Channel: Questions in topic: "splunk-enterprise"
Viewing all articles
Browse latest Browse all 47296

How can I concatenate a single field's value across a multiple rows into a single string?

$
0
0
Search: index=exp eventName="business:SelfServ-ChangeTrip" ChangeBookingEventType=ChangeBookingPayloadChunk hotelChangePayloadId="24c51841-8188-448b-9f4a-26f978ae4af9" | sort chunkSequence | fields payload Results: date payload XXXX String 1- XXXX String 2- I'd like the result to be: date payload XXXX String 1-String 2- Obviously I don't care about the date, but I can't seem to get rid of it with `fields -_*` without messing up the entire search.

Viewing all articles
Browse latest Browse all 47296

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>