nomv
Description
Converts values of the specified multivalue field into one single value. Separates the values using a new line "\n
delimiter.
Overrides the configurations for the multivalue field that are set in the fields.conf
file.
Syntax
nomv <field>
Required arguments
- field
- Syntax: <field>
- Description: The name of a multivalue field.
Usage
The nomv
command is a distributable streaming command. See Command types.
You can use evaluation functions and statistical functions on multivalue fields or to return multivalue fields.
Examples
Example 1:
For sendmail events, combine the values of the senders field into a single value. Display the top 10 values.
eventtype="sendmail" | nomv senders | top senders
See also
Commands:
makemv
mvcombine
mvexpand
convert
Functions:
Multivalue eval functions
Multivalue stats and chart functions
split
mvexpand | outlier |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403 (latest FedRAMP release), 9.2.2406
Feedback submitted, thanks!