Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I create a third field based on unique combinations of two other fields

cmontonen
Explorer
‎05-06-2015 10:07 AM

Hello all,
I am really new to Splunk and cannot for the life of me figure this one out.
Unfortunately, Googling around for answers has not been helpful.

I have records which contain two important fields initiator_country and responder_country.
I am interested in observing records with rare combinations of the two fields.
There are 3 possible values for initiator_country and responder_country, so 9 total combinations.
I would like to create a 3rd field for each record indicating which initiator_country - responder_country
combination the record belongs to, but I am not really sure where I should start.

Thank you very much!

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎05-06-2015 10:19 AM

Is this what you mean?

... | eval newField = initiator_country . "-" . responder_country

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎05-06-2015 10:19 AM

Is this what you mean?

... | eval newField = initiator_country . "-" . responder_country
Reply
Solved! Jump to solution

cmontonen
Explorer
‎05-06-2015 10:23 AM

Wow! Thank you very much!
I just tested it and it worked!

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...