Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I automatically tag new results?

mctester
Communicator
‎04-21-2010 03:00 PM

I need to create a custom chart in splunk and be able to tag the results of that search with a ticket number for tracking purposes. I run into issues when I run the search right now because only one host is tagged. The search is related to virus infections and new infections will happen quite often. Is there any way when I run my search, to automatically tag the new results that do not have a tag yet with "New"

example:

search ..................... | chart count by tag::src (this only returns results if the hosts have already been tagged). I tried to use the fillnull value=New tag::src but that did not work.

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-21-2010 03:19 PM

No, there really isn't any such functionality in the product, at least not that would work for what you're trying to do. Yours isn't the first request for such, but I would file an Enhancement Request with Splunk Support (a P4 ticket here http://www.splunk.com/page/submit_issue) because the more people ask for it, the sooner it'll get done.

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-21-2010 03:19 PM

No, there really isn't any such functionality in the product, at least not that would work for what you're trying to do. Yours isn't the first request for such, but I would file an Enhancement Request with Splunk Support (a P4 ticket here http://www.splunk.com/page/submit_issue) because the more people ask for it, the sooner it'll get done.

Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...