Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to tag a field sourcetype from the search bar?

splunker12er
Motivator
‎08-13-2014 04:26 AM

I tried to tag the field sourcetype as suggested in the link :

[http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/Tags][1]

Examples
Example 1: Write tags for host and eventtype fields into tag::host and tag::eventtype.

... | tags host eventtype

index=* | tags sourcetype

but it doesnt created tag::sourcetype

Please help.. Am i missing something ..?

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎08-13-2014 04:36 AM

Search for a value you want to tag, expand an event with that field value, look for the field you want to add a tag to, click the down-triangle to the right in the Actions column and select Edit Tags. That'll let you enter a tag for this field value.

After tagging you can then search by using tag=value or tag::fieldname=value.
You can edit and add more tags through the Settings as well by going into the Tags section.

See http://docs.splunk.com/Documentation/Splunk/6.1.3/Knowledge/Abouttagsandaliases for documentation on tagging your data.

Reply
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...