Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Custom Eval Command or Custom Search Command as Calculated Field?

snoobzilla
Builder
‎10-03-2016 04:02 AM

Is it possible to include a custom search command in your app as a calculated field? One that would automatically appear as part of Verbose search results?

From what I have seen/read it looks like a custom command has to be used as part of the stream of search commands, and is never an extension of eval which is what I think would be required to accomplish above.

Trying to decide whether to invest time in a custom search command vs just using a macro.

Thanks

Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-03-2016 08:00 AM

You're correct about the custom search commands being not available for eval function. I would go with macro if that's possible.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-03-2016 08:00 AM

You're correct about the custom search commands being not available for eval function. I would go with macro if that's possible.

0 Karma
Reply
Solved! Jump to solution

snoobzilla
Builder
‎10-17-2016 08:23 AM

That answers my question. It is not ideal for my use case though.

0 Karma
Reply
Solved! Jump to solution

rjthibod
Champion
‎10-03-2016 07:10 AM

I am confused by what you are asking. The fields that appear on the left-hand side of Verbose search results are fields extracted at search-time. Those are most often set in props.conf of an app.

So are you asking for help with a search-time calculated field or do you mean an actual custom search (SPL) command? The latter can be included in an app, but takes a few steps.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...