Splunk eval example

12/19/2023

The following are examples for using the SPL2 eval command. To learn more about the eval command, see How the eval command works. Many of these examples use the evaluation functions. See Quick Reference for SPL2 eval functions.

1. Create a new field that contains the result of a calculation

Create a new field called speed in each event. Calculate the speed by dividing the values in the distance field by the values in the time field.

2. Use the if function to analyze field values

Create a new field called error in each event. Using the if function, set the value in the error field to OK if the status value is 200. Otherwise set the error field value to Problem.

```
| eval error = if(status = 200, "OK", "Problem")
```

3. Convert values to lowercase

Create a new field in each event called lowuser. Using the lower function, populate the field with the lowercase version of the values in the username field.

4. Specify field names that contain dashes or other characters

When a field name contains anything other than a-z, A-Z, 0-9, or the underscore ( _ ) character, you must enclose the name in single quotation marks. This includes the wildcard ( * ) character. This example shows how to specify a field name that includes a dash. The lower function is used to populate the lowuser field with the lowercase version of the values in the user-name field.

5. Calculate the sum of the areas of two circles

This example uses the pi and pow functions to calculate the area of two circles. A new field called sum_of_areas is created to store the sum of the areas of the two circles.

```
| eval sum_of_areas = pi() * pow(radius_a, 2) + pi() * pow(radius_b, 2)
```

6. Return a string value based on the value of a field
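The field-name quoting rule described above (single quotation marks around names such as user-name) matters when eval normalizes account names for matching. The following search is an added example, not taken from the original page: it is written for the classic SPL search bar, it uses makeresults, streamstats and rename only to build two constructed events, and the field names n, raw_user and wrong_literal are hypothetical.

```spl
| makeresults count=2
| streamstats count AS n
| eval status = if(n = 1, 200, 500)
| eval raw_user = if(n = 1, "ALICE", "Bob")
| rename raw_user AS "user-name"
| eval error = if(status = 200, "OK", "Problem")
| eval lowuser = lower('user-name')
| eval wrong_literal = lower("user-name")
| table status error "user-name" lowuser wrong_literal
```

In the results, lowuser holds alice and bob, while wrong_literal holds the text user-name in both rows, because double quotation marks produce a string literal rather than a field reference.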