Hi everyone , i would like to add a field in splunk.but field value does not come in result.
here my source are:-
1. C:\Program Files\Splunk\etc\apps\tougou\tougou_logs\guest1\host_name\afkcd01_KLZ_Disk_110208.csv
2. C:\Program Files\Splunk\etc\apps\tougou\tougou_logs\guest2\host_name\afkcd01_KLZ_Disk_110208.csv
C:\Program Files\Splunk\etc\apps\tougou\tougou_logs\guest3\host_name\afkcd01_KLZ_Disk_110208.csv
i want add field with name guest, as above sources there are diffirent diffirent guest like
guest1, guest2 and guest. so i would like serch result based on guest field
like:-
index = "tougou" guest="guest1"
index = "tougou" guest="guest2"
as we know source always come in result. but i dont know how to add field guest in splunk.
please help me to resolve this problem.
thanx in advnce.
... View more