Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Custom Eval Command or Custom Search Command as Calculated Field?

snoobzilla
Builder
‎10-03-2016 04:02 AM

Is it possible to include a custom search command in your app as a calculated field? One that would automatically appear as part of Verbose search results?

From what I have seen/read it looks like a custom command has to be used as part of the stream of search commands, and is never an extension of eval which is what I think would be required to accomplish above.

Trying to decide whether to invest time in a custom search command vs just using a macro.

Thanks

Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-03-2016 08:00 AM

You're correct about the custom search commands being not available for eval function. I would go with macro if that's possible.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-03-2016 08:00 AM

You're correct about the custom search commands being not available for eval function. I would go with macro if that's possible.

0 Karma
Reply
Solved! Jump to solution

snoobzilla
Builder
‎10-17-2016 08:23 AM

That answers my question. It is not ideal for my use case though.

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-03-2016 07:10 AM

I am confused by what you are asking. The fields that appear on the left-hand side of Verbose search results are fields extracted at search-time. Those are most often set in props.conf of an app.

So are you asking for help with a search-time calculated field or do you mean an actual custom search (SPL) command? The latter can be included in an app, but takes a few steps.

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...