Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Syntax Error while using "distance" command

syazwani
Path Finder
‎10-15-2023 10:03 PM

Hi peeps,

I receive below error while running a query.

error on dashboard.png

below is my query;

eventtype=sfdc-login-history 
| iplocation allfields=true SourceIp 
| eval cur_t=_time 
| streamstats current=t window=2 first(lat) as prev_lat first(lon) as prev_lon first(cur_t) as prev_t by Username 
| eval time_diff=cur_t - prev_t 
| distance outputField=distance inputFieldlat1=lat inputFieldLat2=prev_lat inputfieldLon1=lon inputFieldLon2=prev_lon
| eval time_diff=-1*time_diff
| eval ratio = distances3600/time_diff
| where ratio> 500 
| geostats latfield=lat longfield=lon count by Application

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-16-2023 02:43 AM

Hi @syazwani ... As said by PickleRick, there is no Splunk command as "distance"

1) For other new Splunker's info about Splunk's Search Commands.. pls check the Splunk search reference document.. https://docs.splunk.com/Documentation/Splunk/9.1.1/SearchReference/Rex

(i copied rex command's link... on the left side you will see a list of commands, alphabetically)

2) this should be from a app or add-on... mostly from a macros.conf file from that app/add-on 

so, pls try to look into the macros conf files. 

3) may we know if this was working previously and just recently it didnt work? was there any app/add-on upgrades? 

4) not sure, but, lets try... that error msg got an yellow triangle.. like a splunk warning msg.. are you able to click on it?.. does it give you more details? 

5) on the internal logs for that app/add-on, do you see any warnings/errors 

 

Reply

syazwani
Path Finder
‎10-16-2023 08:44 PM

Hi @inventsekar ,

Thank you for your feedback.

Yes, I'm currently using the Splunk App for Salesforce and this is our first time installing it. On the Splunk warning message, it didnt mentioned any details, only as the above screenshot. I did check on the search.log, they error show "syntax error - script (path)".

I guess i need to fine tuned the query or is there any other way I can work on?

Tags (1)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-16-2023 12:55 AM

There is no such standard search command as "distance". It must come from an app you have installed. Consult the app's documentation for correct syntax.

Reply

syazwani
Path Finder
‎10-16-2023 08:47 PM

Hi @PickleRick,

Noted on this. Yes I am using the Splunk App for Salesforce and it is using the "distance" command. Seems like they dont have a documentation for this app. Btw thankyou for your feedback.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...