Create calculated fields with Splunk Web
Create a calculated field with Splunk Web. Use calculated fields as a shortcut for performing repetitive, long, or complex transformations using the eval command.
- Review About calculated fields.
Creating a new calculated field in settings
- Select Settings > Fields.
- Select Calculated Fields > New.
- Select the app that will use the calculated field.
- Select host, source, or sourcetype to apply to the calculated field and specify a name.
- You can also enter a wildcard if you want to apply this for all hosts, sources, or sourcetypes.
- Name the resultant calculated field.
- Define the eval expression.
About calculated fields
Configure calculated fields with props.conf
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.1.0, 7.1.1, 7.1.2, 7.1.3