Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

transformation : set a field value according to the host

sbsbb
Builder
‎11-23-2012 07:56 AM

I'd like to set at search_time a new field, with a value according to the host :

if host=abc.com then =test
elseif host=bbb.com then =prod

Is it possible to make if statement in the inline field of the transformation ? How do it would look like ?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎11-23-2012 09:04 AM

I believe using tags would be ideal in this case.

http://docs.splunk.com/Documentation/Splunk/5.0/Knowledge/Tagthehostfield

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎11-23-2012 09:04 AM

I believe using tags would be ideal in this case.

http://docs.splunk.com/Documentation/Splunk/5.0/Knowledge/Tagthehostfield

0 Karma
Reply
Solved! Jump to solution

sbsbb
Builder
‎11-25-2012 02:16 AM

Thanks, it is what I was searching for.
But I couldn't find the way how to print the tag-name in the result ? By default the hostname is printed... ?

0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Observability - October 2025

What’s New?    We’re excited to announce the latest enhancements to Splunk Observability Cloud and share ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened Audit Trail v2 wasn’t written in isolation—it was shaped by your voices. In ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...