Splunk Search

Using script to assign custom default fields

jamesvz84
Communicator

I have a powershell script that gets me the AD site name of the local host. It also gives me the IP address of the local host given the hostname. I'd like to add the output of this script as default (metadata) fields for all my events. Is this possible?

For example, host, source, sourcetype (among others) are metadata fields given to me by default. I'd like to add the fields "site" and "ip" (that values of which are provided to me by the script) to the list of metadata fields.

0 Karma
1 Solution

jamesvz84
Communicator

Thanks. Through some more investigation, it seems like automatic lookups are a better option for me and not as invasive as custom metadata/default fields. I can populate the lookup table through periodic running of a saved search that would take the latest host-ip-site data and populate a lookup table, then the automatic lookup will add the ip and site fields to the search results.

Also, looks like I can search on the ip and site fields as well (and not just display on search results), which is great and fulfills my requirements.

View solution in original post

0 Karma

jamesvz84
Communicator

Thanks. Through some more investigation, it seems like automatic lookups are a better option for me and not as invasive as custom metadata/default fields. I can populate the lookup table through periodic running of a saved search that would take the latest host-ip-site data and populate a lookup table, then the automatic lookup will add the ip and site fields to the search results.

Also, looks like I can search on the ip and site fields as well (and not just display on search results), which is great and fulfills my requirements.

0 Karma

dmaislin_splunk
Splunk Employee
Splunk Employee
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Data Management Digest – June 2026

Welcome to the June 2026 edition of Data Management Digest! This month’s update is short and sweet, with a ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...