The initial search gives all fields to eval
, and eval
adds one field to that set.
You can combine commands like this:
index=* sourcetype=history browser=chrome | table sourcetype | eval name="raj"
The initial search gives all fields to eval
, and eval
adds one field to that set.
You can combine commands like this:
index=* sourcetype=history browser=chrome | table sourcetype | eval name="raj"