Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Custom Eval Command or Custom Search Command as Calculated Field?

snoobzilla
Builder
‎10-03-2016 04:02 AM

Is it possible to include a custom search command in your app as a calculated field? One that would automatically appear as part of Verbose search results?

From what I have seen/read it looks like a custom command has to be used as part of the stream of search commands, and is never an extension of eval which is what I think would be required to accomplish above.

Trying to decide whether to invest time in a custom search command vs just using a macro.

Thanks

Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-03-2016 08:00 AM

You're correct about the custom search commands being not available for eval function. I would go with macro if that's possible.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-03-2016 08:00 AM

You're correct about the custom search commands being not available for eval function. I would go with macro if that's possible.

0 Karma
Reply
Solved! Jump to solution

snoobzilla
Builder
‎10-17-2016 08:23 AM

That answers my question. It is not ideal for my use case though.

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-03-2016 07:10 AM

I am confused by what you are asking. The fields that appear on the left-hand side of Verbose search results are fields extracted at search-time. Those are most often set in props.conf of an app.

So are you asking for help with a search-time calculated field or do you mean an actual custom search (SPL) command? The latter can be included in an app, but takes a few steps.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...