Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you 'Tag' based on a search?

andrewkenth
Communicator
‎12-23-2013 02:09 PM

I'm almost certian I used the wrong lingo but I'd like to essentially create a field based on search or regex, but I want my own predetermiend label to be the field value, not any of the contents of the raw log.

So, if I have a search like this:
index=myIndex sourcetype=mysourcetype "dude really did login"

I'd want all of thos results to be tagged with a field named "ServerEvent" and have the value be set to "LOGIN"

Alternativly I'd want a search like this:
index=myIndex sourcetype=mysourcetype "dude really did logout"

I'd want all of thos results to be tagged with a field named "ServerEvent" and have the value be set to "LOGOUT"

What is the most efficient way to do this in Splunk?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aelliott
Motivator
‎12-23-2013 02:31 PM

This post may help you with this:
http://answers.splunk.com/answers/9073/set-field-based-on-another-field

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

aelliott
Motivator
‎12-23-2013 02:31 PM

This post may help you with this:
http://answers.splunk.com/answers/9073/set-field-based-on-another-field

0 Karma
Reply
Get Updates on the Splunk Community!

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

What's New in Splunk Observability - October 2025

What’s New?    We’re excited to announce the latest enhancements to Splunk Observability Cloud and share ...