- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to add new field in existing index
I have a index that have 2 fields only
index="TRIAL_INDEX" fields: sample1, sample2
And i will make a new field by
index="TRIAL_INDEX"
| eval sample3= sample1+sample2
What i want is that sample3 would add to the index , so the next time i search it will appear anywhere.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hey try this
go to Fields » Calculated fields » Add new
Put Name: sample3
Eval Expression : sample1+sample2
let me know if this helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes it is helpful , but is there a way that it will be triggered when a BUTTON CLICK in the dashboard ? or in the SPL itself ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I do not know but this is achievable by js on a dashboard but then it will not reflect in a raw data.This is the only method I think to reflect in a raw data by default.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you're wanting sample3 always in your results without having to add that eval statement?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
what i want is the sample1, sample2, sample3 would be in the index .
After i eval it i like it to be insert to the index , if that is possible .
