Help with looping in Splunk (getting column names ...

yoshilog · ‎01-04-2022

Hi everyone,

I would like to retrieve all the column names and the field values for each row and put them in an alert, without manually doing it.

Could you let me know if it is possible to iterate through each column name in splunk?

My desired output looks like this:

① [This is for Row labeled ①]

journal.status_id.old_value: 90
journal.status_id.new_value: 95

②[This is for Row labeled ②]

journal.assigned_to_id.old_value: 113
journal.assigned_to_id.new_value: 99

③[This is for Row labeled ③]

journal.status_id.old_value: 73
journal.status_id.new_value: 90

journal.assigned_to_id.old_value: null
journal.assigned_to_id.new_value: 113

It is possible for other columns to be present so I would like to do it via a loop.

ITWhisperer · ‎01-04-2022

The foreach command will iterate through a list of field names.

An alert is based on the results of a search - it looks like you already have a search, what more do you need for your alert?

Help with looping in Splunk (getting column names along with field values)

alert condition

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Help with looping in Splunk (getting column names along with field values)

alert condition

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!