How create a tag based on field name ?

TanyaCnd · ‎06-07-2023

Hi,

I am trying create tags based on index and field name . Log:
1, User.field1, User.field2, User.field3

2, Admin.field1, Admin.field2, Admin.field3

3, Admin.field1, Admin.field2, Admin.field3

I want tag User.* fields with tag User and Admin.* with Admin. So, when we search with tag User only User events listed

Thanks

gcusello · ‎06-07-2023

why don't you try to use two different tags?

e.g:

then you can use them for your searches:

tag=ADMIN tag=FIELD1

Ciao.

Giuseppe

Are you a member of the Splunk Community?