Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to modify an Event in a particular index?

kanishka97167
Observer
‎06-29-2022 12:04 PM

I am trying to add data into Splunk in Json format. All the events have the same format. Lets say we have some format like this:

[

     field1 : value1

     field2 : value2

]

 

Is is possible for me to update value1 to some value3, given field1? I am looking to first achieve this from website and if this possible, I am looking for REST APIs to achieve the same. 

Labels (1)
Labels
Tags (2)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-29-2022 01:10 PM

You must do this before events have indexed. After those are written to disk you cannot change those.

If you want to change those values before indexing that maybe do by props and transforms. But maybe it's easier to do it totally outside of Splunk?

Can you open with more details what is your issue which you are trying to solve?

0 Karma
Reply

kanishka97167
Observer
‎06-29-2022 01:59 PM

Hi isoutamo,

 

Thanks a lot for the quick response. I am basically trying to add data real time into Splunk for visualization using some dashboards. I am concerned with 3 operations here: Add, Delete and Modify. Adding and Deleting records works fine. But I am unable to find any resources to modify any existing events.

 

Also Could you please help me find some resources where I can add or delete events using the REST APIs that Splunk provides? I am specifically looking for these:

1. Add an event into a particular index

2. Given an index and field name(specific field name in the Json formatted event), delete that event from the index.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...