...(metadata) fields for all my events. Is this possible?
For example, host, source, sourcetype (among others) are metadata fields given to me by default. I'd like to add the fields "site" and "ip" (t...
I've a couple of index-time field extractions. In events that are missing one of these fields, is there a way to assign the most recently extracted value for that field from this source/sourcetype? T...
...NGEST_EVAL = splunk_parser="<hostname_HF>"
fields.conf
[splunk_parser]
INDEXED=true
Is there a way to get the <hostname_HF> automatically assigned? with a token o...
I have a dashboard with a text input that is assigned to a field in a saved search with a default * entered into it.
Text input example:
<input type="text" token="D...
Hello, Query one returns a result with one field as a list of values. I want to pass that list of values as the search source path and result returns for second query. Given below is the d...
...elected by default. I have succeeded in making a search that dynamically populated both input fields. However, I did not manage to make all the cars selected by default. Moreover, I also want that as s...
...s search]" in my search macro. Works amazing.
But now I'm trying to change the time picker's default earliest time to:
|inputlookup "$hits_csv$" | fields time (I was initially using epoch time, b...
I can extract multi value fields from a field in events like these:
079184/Query key: ((0008,0016)) SOP Class UID [1.2.840.10008.5.1.4.1.1.481.3] | ((0008,0018)) SOP Instance UID [1.2.246.352.71...
...names")...
From Splunk docs / Documentation / Splunk Enterprise / Getting Data In / Create custom fields at index time:
Field name syntax restrictions
You can assign field names as f...