Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a new field with static value during index time

DataOrg
Builder
‎04-21-2020 04:02 AM

I want to append new field with static value to the data during index time.

how to create with props.conf/transform.conf and no field extraction is required

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎04-21-2020 05:20 AM

You can use INGEST_EVAL = foo="bar" in transforms.conf.

---
If this reply helps you, Karma would be appreciated.
Reply

DataOrg
Builder
‎04-23-2020 01:13 AM

worked directly adding on inputs.conf.

[script://path/your_script.py]
_meta = script_name::abc.py

0 Karma
Reply

adonio
Ultra Champion
‎04-21-2020 05:11 AM

why do you need to do this? what is the use case?
if you need that data all the time ... you can add ... | eval NEW_FIELD = "YOUR STATIC VALUE" ...

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Extending Splunk AI Assistant for SPL to Splunk Enterprise customers!

Howdy Splunk Community! It’s an exciting day here at Splunk – Splunk AI Assistant for SPL version 1.3.0 is now ...

Developer Spotlight with Qmulos

Qmulos: Building a Next-Level Cybersecurity Business through Splunk Apps Qmulos started as a scrappy startup ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Enhance Security Operations with Automated Threat Analysis in the Splunk EcosystemAre you leveraging ...
li.common.scroll-to.top