I have a Splunk search that outputs a result as follows.
Details | link |
Product Details : Product 1:- ABC123 Product 2:- DEF456 | abcd_website |
Now, how do I combine both fields into one, as follows?
Details | link |
Product Details : Product 1:- ABC123 link:- abcd_website Product 2:- DEF456 | abcd_website |
The eval condition below is giving me the result as follows:
| eval Details = Details + link
Details | link |
Product Details : Product 1:- ABC123 Product 2:- DEF456 link:- abcd_website | abcd_website |
I do not want to add that link at the end; I want it somewhere in the middle, after a specific field. Also, I do not want to touch or edit the Details field. Although that's an easy way, it comes from a macro which is used by many searches. I am looking for an alternate way, so that I can update the Details for a specific search.