Splunk eval example

12/19/2023

The expression for this function returns results only when the value of the $code parameter is greater than or equal to 400. There is no SPL statement in this example.

A parameter is defined, called $code, which has an input data type of number. The custom function is called isError and returns a Boolean value. This example returns error codes that are greater than or equal to 400.

These examples show different ways to use the jsonobject function to create JSON objects in your events.

This example shows how to use a custom function with a simple expression. You can use this function with the eval and where commands, in the WHERE clause of the from command, and as part of evaluation expressions with other commands.

A function with a simple return expression

These are results of invoking this function:

Examples 1.

Custom functions are similar to macros, but they have more capabilities than macros, such as data type checking and advanced optimizations.

For information about the built-in eval functions, see Quick Reference for SPL2 eval functions.

Function ( ].

You can use custom eval functions in the WHERE clause of the from command and in the eval and where commands.

Custom functions provide a structured way to share and reuse blocks of SPL2. Custom eval functions have zero or more parameters and return a single value. Custom functions are user-defined functions that you declare in an SPL2 module.

SPL2 Example: Use the if function to analyze field values.

`eval newfield=replace('bar', /(bar)/, 'foo\1')`

3. Returns 'foobar' in a new top-level field called newfield. In this example, the replace function is used to perform a text replacement.

You can create your own custom eval functions to extend SPL2. This example assumes that you are in the SPL View.