Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can I tag with search?

kawashita_t
Explorer
‎06-27-2017 07:07 PM

I would like to tag you at search time.
I'd like to tag the result of the calculation when searching.

ex )
LogID Data1 Data2
1 323 421
2 391 117
3 341 221
4 268 230
5 182 311
6 277 213
7 57 177
8 27 251
9 72 235
10 201 257

Tag the sum of Data 1 and Data 2.

result:

LogID Data1 Data2 tag
1   323   421   744
2   391   117   508
3   341   221   562
4   268   230   498
5   182   311   493
6   277   213   490
7   57   177   234
8   27   251   278
9   72   235   307
10   201   257   458

index=sample
| eval sum=Data1+Data2
| tags outputfield=sum tag  ###Example Tagging syntax

I want you to tell me.
If I can not do that, will I use a summary index etc?

0 Karma
Reply

arizviherjavec
Explorer
‎02-19-2019 06:37 AM

Why not just

| eval tag=Data1+Data2 ?

If you need both tag and sum fields, you can also
| eval sum=tag

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎06-27-2017 09:52 PM

as field "sum" is not indexed, i think you can not use it as a tag.
i think what you are looking for is "calculated field".

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...