# cfxdm - dm:mergecolumns

**dm:mergecolumns:** This cfxdm tag allows the user to select multiple columns using include or exclude columns options using a regular expression format and merge them into a single target column.

**dm:mergecolumns** synta&#x78;**:**&#x20;

* **include (**&#x4D;andator&#x79;**):** Specify a column or columns in regular expression format to include matched columns.
* **exclude (**&#x4F;ptiona&#x6C;**):** Specify a column or columns in regular expression format to exclude matched columns.
* **to** (Mandatory): Target column for merged data from selected one or more columns.

{% hint style="info" %}
**Note:** After merging multiple columns into a single column, it will remove source columns from the final output.
{% endhint %}

In the below example, for a reference, we are going to use **Elasticsearch** as an extension to query **Netflow data** and ingest it into **dm:mergecolumns** to select specific columns using include/exclude or both together and merge them into a single target column.

Enter the below command to select **Netflow tag (#es:netflow**). (In this example, **es** name is used as a label to identify Elasticsearch extension and it's tags that are pointing to Netflow data index. The label is defined while adding the extension in cfxdx configuration file or through UI)

```
tag #es:netflow
```

![](https://2978683539-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhoMVYxiQlKXh6OxX98%2F-MViFYVImyJYyZfMHdvC%2F-MViGo-mzJmGerXr3d_1%2FScreen%20Shot%202021-03-13%20at%205.08.29%20PM.png?alt=media\&token=8c3eb9ad-34b3-463d-b075-b00dc7e451e9)

{% hint style="info" %}
Netflow tag includes many columns, in this exercise, we are going to use only few selective columns. For include / exclude regular expressions examples, please refer [**dm:selectcolumns**](https://docs.cloudfabrix.io/rda/rda-userguide/rda-data-management-cfxdm/cfxdm-dm-selectcolumns) documentation.&#x20;
{% endhint %}

**Example 1:** Select three columns using include option from Netflow tag and merge them into a single column.

Get the TCP protocol data from Elasticsearch Netflow tag (**#es:netflow**) for last 1 hour and select the below three columns and merge them (values) together into a single target column.

**Source Columns:**

* flow\.client\_addr
* flow\.server\_addr
* flow\.service\_port

**Target Column:**

* flow\.uniqu&#x65;**\_**&#x69;d

Get the data with above three source columns for a quick data review.

```
data `flow.ip_protocol` contains 'TCP' and `@timestamp` after -1 hour GET `flow.client_addr`, `flow.server_addr`, `flow.service_port`
```

![](https://2978683539-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhoMVYxiQlKXh6OxX98%2F-MViHeEDUwLXU4KxYo6Z%2F-MViLO0TgMy2qMVv7yU6%2FScreen%20Shot%202021-03-13%20at%205.28.29%20PM.png?alt=media\&token=8df40b7c-c0ec-4ad1-be73-223d281ff38e)

Extend the query by ingesting the above queried data selecting three columns into **dm:mergecolumns** tag, include all three columns and merge them into a single column as explained above.

```
data `flow.ip_protocol` contains 'TCP' and `@timestamp` after -1 hour GET `flow.client_addr`, `flow.server_addr`, `flow.service_port` --> dm:mergecolumns include = 'flow.client_addr|flow.server_addr|flow.service_port' & to = 'flow.unique_id'
```

![](https://2978683539-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LhoMVYxiQlKXh6OxX98%2F-MViHeEDUwLXU4KxYo6Z%2F-MViOP2UBLWIRBhdvS_3%2FScreen%20Shot%202021-03-13%20at%205.41.41%20PM.png?alt=media\&token=a3fe5e72-fad4-40fe-8779-c1f722fa6829)