Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do i create another field based on existing naming convention

satya2p
Path Finder
‎04-30-2015 10:30 AM

I have a raw event from where i want to capture a few specific fields already configured in splunk and want to create a kind of lookup data which will capture a record from an existing field and outlined based on lookup instruction.

aaad00 – if d, it should be captured under data
aaan00 – if n, it should be captured under name

0 Karma
Reply

Runals
Motivator
‎04-30-2015 11:28 AM

At the highest level simply append | outputlookup my_lookup_name.csv to the end of your search. That said can you share a bit more on what it is you are trying to capture with some examples of the data or the desired state?

0 Karma
Reply
Get Updates on the Splunk Community!

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

What's New in Splunk Observability - October 2025

What’s New?    We’re excited to announce the latest enhancements to Splunk Observability Cloud and share ...