- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Can a field value of any column but used as a ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can a field value of any column but used as a fieldname in eval?
I have a field as field1, and field2 which is an indexed event:
Field1
1.A
2.B
and another table I have as match1 table as mapping table which has:
match1 contains
1.Field1
2.Field2
Now I need to write an eval condition with match1 table which should consider Field1 value instead of the string "Field1"
If it's possible, please help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can also take a look at this AddOn: https://splunkbase.splunk.com/app/4597/
|pointerset MyNewField pointer=match1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You might be after something like this:
| makeresults | eval A="foo", B="bar", {B}=A, {A}=B | fields - _time
Just run it and you will understand how it works; you will get a result like this:
A B bar foo
foo bar foo bar
Hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i have two fields as Calc_Channel & Calc_Categorization (which part of indexed data)
Calc_Channel Calc_Categorization
External HM-IO-Linux
EMS Tools Network Gear & Appliance>Switch
Alert DataCenter Services
EMS Tools Network Gear & Appliance>Switch
I have one more table for mapping with some rule, table Fieldname1 keyword1 we have to map the index data
FieldName1 Keywords1
Calc_Categorization regex command1
Calc_Categorization regex command2
Calc_Channel regex command3
Calc_Categorization regex command4
Calc_Channel regex command5
Calc_TicketDescription regex command6 , now i have to apply regex commands against fieldname1 table, when applying it goes for string "Calc_Categorization" but for me i want to apply rule to fieldvalue of Calc_Categorization. We have nearly 100rules each varies, index is approx. 1Million records.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This does not make much sense. Instead of trying to make up an example, please provide the real information you're working with, which might provide more insight as to what you're trying to accomplish.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can please re-frame your question please.
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
