![]() ![]() In addition, a new field is created called tags that lists all of the tag names in all of the fields. The tag names are written to these new fields using the naming convention tag_name. If not specified, a new field is created for each field that contains tags. Default: false outputfield Syntax: outputfield= Description: If specified, the tag names for all of the fields are written to this one new field. Specify true to include the event field value. Default: false inclvalue Syntax: inclvalue=true | false Description: If outputfield is specified, controls whether or not the event field value is added to the output field, along with the tag names. ![]() Default: All fields inclname Syntax: inclname=true | false Description: If outputfield is specified, this controls whether or not the event field name is added to the output field, along with the tag names. The tag names are written to the outputfield. Description: Specify the fields that you want to output the tags from. For example: allowed_tags="host, sourcetype". You can specify multiple tags using a comma-separated, double-quoted string. Optional arguments allowed_tags Syntax: allowed_tags= | allowed_tags="" Description: If specified, returns only the tag names in the allowed_tags argument. See About tags and aliases in the Knowledge Manager Manual. Otherwise, this command looks for tags for all fields. If there are fields specified, only annotates tags for those fields. Annotates specified fields in your search results with tags. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |