- This function takes two arguments (X and Y).
- This function converts an input value to a string value.
- If you give a number as input, it formats the number as a string.
- If you give a Boolean value as input, it returns "True" or "False" corresponding to the Boolean value.
- If the first argument (X) is a number, then the second argument (Y) can be "hex", "commas" or "duration".

Find below the skeleton of the usage of the function "tostring" with EVAL:

Example 1: index=_internal sourcetype=splunkd_ui_access | eval New_Field=tostring(1=1) | table New_Field | dedup New_Field

We have given a Boolean value as the input of the tostring function, so it returns "True" corresponding to the Boolean value and stores the value in a new field called New_Field. Finally, with the table command we have taken New_Field in tabular format, and with the dedup command we have removed the duplicate values from the result set.

Example 2:

With the stats command we have taken the count of the method field values and renamed the count field as decimal. Here method is an existing field name in the _internal index. We have used "hex" as an argument with the tostring function for the eval command. This argument converts the decimal value into a hexadecimal value. We have stored the hexadecimal values in a new field called Hex_Field.

Example 3: index=_internal sourcetype=splunkd_ui_access | stats sum(bytes) as Summation by method | eval Comma_Field=tostring(Summation,"commas")

With the stats command we have taken the summation of bytes for every value of the method field and renamed the field as Summation. Here method and bytes are existing field names in the _internal index. We have used "commas" as an argument with the tostring function for the eval command. This argument formats the Summation field with commas. If a field includes decimal values, then it is rounded off to the nearest two decimal places. We have stored the values in a new field called Comma_Field.

Example 4: index=_internal sourcetype=splunkd_ui_access | eval Second="33403" | eval Duration=tostring(Second,"duration") | table Second,Duration | dedup Second,Duration

In the above query _internal is the index name and the sourcetype name is splunkd_ui_access. With the eval command we have created a field called Second. In the Second field we have stored "33403" as the seconds value.
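The three number formats side by side, as an added example that is not part of the original post: it runs on rows constructed with makeresults instead of indexed data and reuses the field names from the examples above; apart from 33403, every row value is made up for illustration. Because tostring returns strings, the numeric sort and the where threshold are applied to the original numeric fields before any formatting.

```spl
| makeresults count=4
| streamstats count as row
| eval method=case(row=1,"GET", row=2,"POST", row=3,"HEAD", row=4,"DELETE")
| eval decimal=case(row=1,48213, row=2,255, row=3,16, row=4,9)
| eval Summation=case(row=1,1834992107.456, row=2,73400.5, row=3,999, row=4,1234567)
| eval Second=case(row=1,33403, row=2,615, row=3,59, row=4,3600)
| sort - Summation
| where Summation > 1000
| eval Hex_Field=tostring(decimal,"hex")
| eval Comma_Field=tostring(Summation,"commas")
| eval Duration=tostring(Second,"duration")
| table method decimal Hex_Field Summation Comma_Field Second Duration
```

Keeping decimal, Summation and Second in the table next to their formatted copies leaves the numeric values available for later sorting or filtering.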