Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to format fields globally based on the data type used?

ronak
Path Finder
‎03-26-2015 04:19 PM

Hello

Is there any way by which I can set the formatting at once central place and it takes effect wherever that data type is used. For example, I define types like US_CURRENCY, NUMBER_WITH_COMMAS, etc...and then in query I can simply mark the field to be US_CURRENCY so that it is represented as $389.90 instead of 380.90

Any pointers would be appreciated

thanks, ronak

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-26-2015 04:23 PM

You could create a macro US_CURRENCY(1) that takes the field as its argument and is defined something like this:

fieldformat $field$ = "$$".'$field$'

and use it in your searches like this:

some search | `US_CURRENCY(total)` | ...
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...