All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

eval new field which will have addition of two numeric fields

pavanbmishra
Path Finder
‎11-18-2020 09:26 AM

Hello SMEs,

Seeking support to eval new field from two already being extracted one.

I have bytes_received & bytes_sent fields. Wanted to have one more field (total_bytes) which will have addition of both 

 

eval total_bytes = bytes_received + bytes_sent

Please suggest

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

thambisetty
SplunkTrust
SplunkTrust
‎11-18-2020 10:16 AM

Hope you want to create a new field at search time instead of writing that above mentioned line in search every time.

if yes follow below:

Create props.conf in local directory in any application under apps directory of search head and add below:

[sourcetype]
EVAL-total_bytes = bytes_received+bytes_sent

Note: you should replace sourcetype with the source type for which you want to have new field.

————————————
If this helps, give a like below.

View solution in original post

Reply
Solved! Jump to solution
Solution

thambisetty
SplunkTrust
SplunkTrust
‎11-18-2020 10:16 AM

Hope you want to create a new field at search time instead of writing that above mentioned line in search every time.

if yes follow below:

Create props.conf in local directory in any application under apps directory of search head and add below:

[sourcetype]
EVAL-total_bytes = bytes_received+bytes_sent

Note: you should replace sourcetype with the source type for which you want to have new field.

————————————
If this helps, give a like below.
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...