Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to tag a field sourcetype from the search bar?

splunker12er
Motivator
‎08-13-2014 04:26 AM

I tried to tag the field sourcetype as suggested in the link :

[http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/Tags][1]

Examples
Example 1: Write tags for host and eventtype fields into tag::host and tag::eventtype.

... | tags host eventtype

index=* | tags sourcetype

but it doesnt created tag::sourcetype

Please help.. Am i missing something ..?

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎08-13-2014 04:36 AM

Search for a value you want to tag, expand an event with that field value, look for the field you want to add a tag to, click the down-triangle to the right in the Actions column and select Edit Tags. That'll let you enter a tag for this field value.

After tagging you can then search by using tag=value or tag::fieldname=value.
You can edit and add more tags through the Settings as well by going into the Tags section.

See http://docs.splunk.com/Documentation/Splunk/6.1.3/Knowledge/Abouttagsandaliases for documentation on tagging your data.

Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of Splunk APM’s and Splunk RUM’s streaming infrastructure in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...