Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

set a value at search time

sbsbb
Builder
‎11-22-2012 12:37 AM

I made a Union with APPEND betwenn to search :

search1 APPEND [search2]

I want to have a field "source" that has a specific value, depending from the source query is there a way to do somthing like :

search1 source=1 | APPEND [search2 source=2]

and to have results like :

field1, field2, 1 (when comming from source1)
field1, field2, 2 (when comming from source2)

?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎11-22-2012 12:45 AM

Sure. Have a look at eval which will do what you want.

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Eval

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎11-22-2012 12:45 AM

Sure. Have a look at eval which will do what you want.

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Eval

Reply
Solved! Jump to solution

sbsbb
Builder
‎11-22-2012 01:29 AM

that exactly what I needed thank you

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...