Splunk Cloud

Search Reference

Download manual as PDF

Download topic as PDF

iconify

Description

Causes Splunk Web to display an icon for each different value in the list of fields that you specify.

The iconify command adds a field named _icon to each event. This field is the hash value for the event. Within Splunk Web, a different icon for each unique value in the field is displayed in the events list. If multiple fields are listed, the UI displays a different icon for each unique combination of the field values.

Syntax

iconify <field-list>

Required arguments

field-list
Syntax: <field>...
Description: Comma or space-delimited list of fields. You cannot specify a wildcard character in the field list.

Examples

1. Display an different icon for each eventtype

... | iconify eventtype

2. Displays an different icon for unique pairs of clientip and method values

... | iconify clientip method

Here is how Splunk Web displays the results in your Events List:

Iconify example.png

See also

highlight

Answers

Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the iconify command.

PREVIOUS
history
  NEXT
input

This documentation applies to the following versions of Splunk Cloud: 6.6.3, 7.0.5, 7.0.2, 7.0.3, 7.0.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters