Documentation > Splunk > Search Reference > setfields

Search Reference

 


Welcome
Search Overview
Search Commands
Custom Search Commands

setfields

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

setfields

Synopsis

Sets the field values for all results to a common value.

Syntax

setfields <setfields-arg>, ...

Arguments

setfields-arg
Syntax: string="<string>"
Description: A key-value pair with quoted value. Standard key cleaning will be performed, ie all non-alphanumeric characters will be replaced with '_' and leading '_' will be removed.

Description

Sets the value of the given fields to the specified values for each event in the result set. Delimit multiple definitions with commas. Missing fields are added, present fields are overwritten.

Examples

Example 1: Specify a value for the ip and foo fields.

... | setfields ip="10.10.10.10", foo="foo bar"

See also

fillnull, rename

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0.4/SearchReference/Setfields"

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!