allowed_tags

Syntax: allowed_tags=[field-list]

Description: A comma-separated list of the tags to return. You must enclose the list in square brackets.

Default: All tags

field-list

Syntax: field, ...

Description: A comma-separated list of one or more field names that you want to return the associated tags information for. The field list must appear after the other parameters. If not specified, the tag information for all fields is returned.

Default: All fields

inclname

Syntax: inclname=boolean

Description: Valid only if outputfield is specified. Specifies if the event field name is included in the output field, along with the tag names. Specify true to include the field name. For example, if the field that the tag is associated with is ipaddress and the tag is main_office the results in the output field shows ipaddress::main_office

Default: false

inclvalue

Syntax: inclvalue=boolean

Description: Valid only if outputfield is specified. Specifies if the event field value is included in the output field, along with the tag names. Specify true to include the event field value.

Default: false

outputfield

Syntax: outputfield=field

Description: The name of a single field to write all of the tag names to. If not specified, a new field is created for each field that has tags associated with that field. The tag names are written to these new fields using the naming convention tag_name::field. In addition, a new field is created called tags that lists all of the tag names in all of the fields.

Default: A new field is created for each field that has tags associated with that field.