Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

set a value at search time

sbsbb
Builder
‎11-22-2012 12:37 AM

I made a Union with APPEND betwenn to search :

search1 APPEND [search2]

I want to have a field "source" that has a specific value, depending from the source query is there a way to do somthing like :

search1 source=1 | APPEND [search2 source=2]

and to have results like :

field1, field2, 1 (when comming from source1)
field1, field2, 2 (when comming from source2)

?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎11-22-2012 12:45 AM

Sure. Have a look at eval which will do what you want.

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Eval

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎11-22-2012 12:45 AM

Sure. Have a look at eval which will do what you want.

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Eval

Reply
Solved! Jump to solution

sbsbb
Builder
‎11-22-2012 01:29 AM

that exactly what I needed thank you

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...