Getting Data In

Is it possible to use field transformation at search level?

andakun_222
New Member

I want to create a report with search query, Is there any way to use field transformation in it?

For example:

      <query>eventtype="AWB"  | fieldtransformation = fieldtransformationname.</query>
    </search>

Thanks.

0 Karma
1 Solution

somesoni2
SplunkTrust
SplunkTrust

You can specify the transforms.conf stanza (only search time field extraction specific) name as parameter <extractor-name> in the extract command. See this for more information.

http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Extract

View solution in original post

0 Karma

somesoni2
SplunkTrust
SplunkTrust

You can specify the transforms.conf stanza (only search time field extraction specific) name as parameter <extractor-name> in the extract command. See this for more information.

http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Extract

0 Karma

andakun_222
New Member

thanks somesoni, created field transformation from UI and accessed it through extract command at search level. Working as expected.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...