https://community.splunk.com/t5/Splunk-Search/How-to-access-a-field-name-using-variable/m-p/303191#M166345 <P>Without seeing your query or expected output, my suggestion would be this (the subsearch would return the current weekday value and pass it on to table command.:</P> <PRE><CODE>your search giving fields for each weekday | table [| gentimes start=-1 | eval search=strftime(now(),"%A") | table search ] </CODE></PRE> Mon, 28 Aug 2017 14:32:53 GMT somesoni2 2017-08-28T14:32:53Z https://community.splunk.com/t5/Splunk-Search/How-to-access-a-field-name-using-variable/m-p/303190#M166344 <P>My Splunk results are returning multiple fields including fields Sunday, Monday, Tuesday .... Saturday.</P> <P>Now my requirement is if today is Sunday i want to access the value of field name Sunday, if today is Monday i need to access the value of Monday and so on..</P> <P>Can someone help me in how to access the value of a field using variable ? </P> Mon, 28 Aug 2017 13:32:56 GMT https://community.splunk.com/t5/Splunk-Search/How-to-access-a-field-name-using-variable/m-p/303190#M166344 sagrl 2017-08-28T13:32:56Z https://community.splunk.com/t5/Splunk-Search/How-to-access-a-field-name-using-variable/m-p/303191#M166345 <P>Without seeing your query or expected output, my suggestion would be this (the subsearch would return the current weekday value and pass it on to table command.:</P> <PRE><CODE>your search giving fields for each weekday | table [| gentimes start=-1 | eval search=strftime(now(),"%A") | table search ] </CODE></PRE> Mon, 28 Aug 2017 14:32:53 GMT https://community.splunk.com/t5/Splunk-Search/How-to-access-a-field-name-using-variable/m-p/303191#M166345 somesoni2 2017-08-28T14:32:53Z https://community.splunk.com/t5/Splunk-Search/How-to-access-a-field-name-using-variable/m-p/303192#M166346 <P>@sagrl, you can run a dummy search in your dashboard to get today's weekday as a token and then use the same in your other searches in the dashboard.</P> <PRE><CODE>&lt;search&gt; &lt;query&gt;| makeresults | eval weekDay=lower(strftime(_time,"%A")) &lt;/query&gt; &lt;progress&gt; &lt;set token="tokenWeekDay"&gt;$result.weekDay$&lt;/set&gt; &lt;/progress&gt; &lt;/search&gt; </CODE></PRE> <P>Then use the token <CODE>$tokenWeekDay$</CODE> in your other searches in the dashboard:</P> <PRE><CODE>&lt;single&gt; &lt;search&gt; &lt;query&gt;| makeresults | eval tokenData="$tokenWeekDay$" | table tokenData &lt;/query&gt; &lt;/search&gt; &lt;/single&gt; </CODE></PRE> <P>PS: I have changed the weekday to lower case using <CODE>lower()</CODE> function. In case your use case is to match this against Splunk's default extracted field <CODE>date_wday, it should be lowercase. Result of strftime() time modifier</CODE>%A<CODE>would result in Week Days like Sunday, Monday etc. As you have asked in your question. Hence, if you are search for same casing in weekday values, then you do not require lower() function, just</CODE>strftime()` should work.</P> Mon, 28 Aug 2017 14:35:18 GMT https://community.splunk.com/t5/Splunk-Search/How-to-access-a-field-name-using-variable/m-p/303192#M166346 niketn 2017-08-28T14:35:18Z https://community.splunk.com/t5/Splunk-Search/How-to-access-a-field-name-using-variable/m-p/303193#M166347 <P>I would do it like this:</P> <PRE><CODE>| makeresults | eval date_wday=strftime(now(), "%A") | map [search index="YouShouldAlwaysSpecifyAnIndex" sourcetype="AndSourcetypeToo" MyFieldName="$date_wday$"] </CODE></PRE> Sun, 10 Sep 2017 21:47:13 GMT https://community.splunk.com/t5/Splunk-Search/How-to-access-a-field-name-using-variable/m-p/303193#M166347 woodcock 2017-09-10T21:47:13Z