Detaillierter Kursinhalt
Module 1 – What are Multivalue Fields?
- Define multivalue fields
- Define self-describing data
- Understand how JSON data is handled in Splunk
- Use the spath command to interpret self-describing data
- Manipulate multivalue fields with mvzip and mvexpand
- Convert single-value fields to multivalue fields with specific commands and functions
Module 2 – Create Multivalue Fields
- Create multivalue fields with the makemv command and the split function of the eval command
Module 3 – Evaluate Multivalue Fields
- Use the mvcount, mvindex, and mvfilter eval functions to evaluate multivalue fields
Module 4 – Analuze Multivalue Data
- Use the mvsort, mvzip, mvjoin, mvmap, and mvappend eval functions and the mvexpand command to analyze multivalue data