Placing the tags for specific fields into a new field

The following example creates a field called mytags and returns the tags for only the host and clientip fields. The tag information will include the field name associated with the tag. The field list must be specified after the other parameters.

...| tags outputfield=mytags inclname=true host, clientip

Placing the information about specific tags from any field into a new field

The following example returns only information about the tags error and group that are associated with any field. This example places the tag information, including the field name and value, in a field called teamtags.

...| tags allowed_tags=[error, group] outputfield=teamtags inclname=true inclvalue=true

See also