Splunk Commands Reference & Tutorials @ DevOpsSchool.com (2024)

Table of Contents
Author Contents Splunk Commands Tutorials & Reference:- Commands Category: Filtering Commands: eval

Support my work @Patron!

Contents

in Progress
in Progress
in Progress


Splunk Commands Tutorials & Reference:-

Commands Category: Filtering

Commands: eval

Use: The eval command calculates an expression and puts the resulting value into a search results field. The eval command evaluates mathematical, string, and boolean expressions.

If the field name that you specify does not match a field in the output, a new field is added to the search results.

If the field name that you specify matches a field name that already exists in the search results, the results of the eval expression overwrite the values in that field.

Difference between eval and stats commands

The stats command calculates statistics based on fields in your events. The eval command creates new fields in your events by using existing fields and an arbitrary expression.

homework Server's Time

host=homework usr=* | eval timesstamp=strftime(_time, "%I:%M") | table timesstamp usr

Add a field to each event which is the time between this event and the previous one. duration between events

failed*| sort _time | streamstats current=f global=f window=1 last(_time) as last_ts | eval time_since_last = _time - last_ts | fieldformat time_since_last = tostring(time_since_last, "duration")

Use the if function to analyze field values

Create a field called error in each event. Using the if function, set the value in the error field to OK if the status value is 200. Otherwise set the error field value to Problem.

... | eval error = if(status == 200, "OK", "Problem")

Use the value of one field as the name for a new field

In this example, use each value of the field counter to make a new field name. Assign to the new field the value of the Value field.

index=perfmon sourcetype=Perfmon* counter=* Value=* | eval {counter} = Value

Set status to some simple http error codes

source="access_30day.log" | eval error_msg = case(status == 404, "Not found", status == 500, "Internal Server Error", status == 200, "OK")source="access_30day.log" | eval error_msg = case(status == 404, "Not found", status == 500, "Internal Server Error", status == 200, "OK") | table error_msg
Splunk Commands Reference & Tutorials @ DevOpsSchool.com (2)
Avail Rajesh Kumar as trainer at 50% Discount
Puppet Online Training
Puppet Classroom TrainingEnroll Now

Splunk Commands Reference & Tutorials @ DevOpsSchool.com (2024)
Top Articles
Paleo Pigs in a Blanket (aka Paleo Piggies) Recipe
Cooking a Low Sodium Oven Fried Chicken Recipe - Good Gifts For Senior Citizens
Exotic Kitty Prices
Aplikasi Terbaik 2018: 10 Software Desain Logo Profesional Terbaik 2018
What we know about the major Pentagon intelligence leak | CNN Politics
Ukraine Leaks: Air National Guardsman Arrested as F.B.I. Searches His Home (Published 2023)
Bad Bunny Font - Fontspace.io
Bad Bunny Font Free Download | Fontswan
maine cars & trucks - by owner "trucks" - craigslist
Kim Harris email address & phone number | The Bon-Ton Stores, Inc. HR manager contact information - RocketReach
Summoners War Dot Team
Wellstar Urgent Care, Marietta - Book Online Now
Latest Posts
Easy Dairy-Free Custard Recipe (Stovetop, 10 Minutes, No Tempering!)
Weight Loss Magic Soup Recipe
Article information

Author: Msgr. Benton Quitzon

Last Updated:

Views: 5780

Rating: 4.2 / 5 (43 voted)

Reviews: 90% of readers found this page helpful

Author information

Name: Msgr. Benton Quitzon

Birthday: 2001-08-13

Address: 96487 Kris Cliff, Teresiafurt, WI 95201

Phone: +9418513585781

Job: Senior Designer

Hobby: Calligraphy, Rowing, Vacation, Geocaching, Web surfing, Electronics, Electronics

Introduction: My name is Msgr. Benton Quitzon, I am a comfortable, charming, thankful, happy, adventurous, handsome, precious person who loves writing and wants to share my knowledge and understanding with you.