Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Create a new sourcetype on the fly

asarolkar
Builder
‎04-18-2012 06:16 PM

I have a subsearch like this:

sourcetype="syslog" SERIAL=* | eval SERIAL_NUM=SERIAL | lookup FileLookup SERIAL_NUM

I want to take this and turn it into a new sourcetype.

Any ideas how to go about it ?

Tags (1)
0 Karma
Reply

Ayn
Legend
‎04-19-2012 12:37 AM

sourcetype for a log event is set at index-time, and as such you cannot change it afterwards.

Reply

Ayn
Legend
‎04-21-2012 12:09 AM

Not CREATE it on the fly, but you can certainly write the results of a search to another index. Check out the docs on summary indexing: http://docs.splunk.com/Documentation/Splunk/4.3.1/Knowledge/Usesummaryindexing

You'll likely want to make use of the collect command: http://docs.splunk.com/Documentation/Splunk/latest/searchreference/collect

0 Karma
Reply

asarolkar
Builder
‎04-19-2012 09:28 AM

can I create a new index then which has the results of this search ?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...