![]() In the following example, the mvcount() function returns the number of email addresses in the To, From, and Cc fields and saves the addresses in the specified "_count" fields. | eval n=mvcount(multifield) Extended example If the field has no values, this function returns NULL. If the field contains a single value, this function returns 1. If the field is a multivalue field, returns the number of values in that field. This function takes a field and returns a count of the values in that field for each result. | makeresults | eval ipaddresses=mvappend("localhost", srcip, destip, "192.168.1.1") ![]() Note that the previous example generates the same results as the following example, which does not use a nested mvappend function: | eval ipaddresses=mvappend(mvappend("localhost", srcip), destip, "192.168.1.1") The results are placed in a new field called ipaddresses, which contains the array.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |