Split same field values into two fields.

Aaditya Khati

December 08, 2022 13:03

0

If i have an event_category= User, Logon. I want to be able to create new fields (e.g. X, Y) and present data like X=User and Y=Logon. What would be the query to showcase this in result.

1 comment

Date Votes

0

Mike Blomgren December 08, 2022 13:41

Hi,

You can use the ‘norm on’ command to identify individual fields/values within a specific field:

https://docs.logpoint.com/docs/search-query-language/en/latest/Search%20Query%20Language/One-to-One%20Commands.html#norm

https://docs.logpoint.com/docs/data-integration-guide/en/latest/Configuration/List%20of%20Definers.html

Untested, but in your case it should look like something this:

norm on event_category <X:string>, <Y:string> | fields event_category, X, Y

Please sign in to leave a comment.