Hi
I am trying to add a new field to my search results via a custom search command written in python
Take the following snippet from the script:
results,results1,results2 = splunk.Intersplunk.getOrganizedResults()
for line in results:
line["Test"] = 'Some Test Text'
When I run a search which uses this custom search command I don't see the Test field appearing in the events list, events table or results table. Just wondering if my expectation is incorrect in terms of Splunk being able to do this
Thanks
Matt
You have to output the results after the loop (ie. once you've modified them).
splunk.Intersplunk.outputResults(results)
You have to output the results after the loop (ie. once you've modified them).
splunk.Intersplunk.outputResults(results)
Hi
I am using the following search: source="file-name.txt" |
Thanks
Matt
I see. The field should be available in the results then. What's the exact search, you're using? Is the field selected (ie. does it appear in the field picker - on the left)?
Hi ziegfried
Thanks for the reply
Sorry I hadn't included more of the code to make it more clear.
I have the " splunk.Intersplunk.outputResults(results)"
line of code after the loop finishes.