Topic 1 – What are Multi-value Fields?
- Define multi-value fields
- Define self-describing data
- Understand how JSON data is handled in Splunk
- Use the spath command to interpret self-describing data
- Manipulate multi-value fields with mv zip and mv expand
- Convert single-value fields to multi-value fields with specific commands and functions
Topic 2 – Create Multi-value Fields
- Create multi-value fields with the make mv command and the split function of the eval command
Topic 3 – Evaluate Multi-value Fields
- Use the mv count, mv index, and mv filter eval functions to evaluate multi-value fields
Topic 4 – Analyze Multi-value Data
- Use the mv sort, mv zip, mv join, mv map, and mv append eval functions and the mv expand command to analyze multi-value data