- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- use of eval statement in tokens evaluation
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
use of eval statement in tokens evaluation
Hi guys
Can you help me with this.
I have this extra search in the xml, just for evaluating tokens
am trying this, but its not working
<search>
<query>|inputlookup abc.csv |search Field1="$token1$" Field2="$token2$" Field3="$token3$"</query>
<earliest>-15m</earliest>
<latest>now</latest>
<done>
<eval token="token4">if('result.Field2' == *,"*","'result.Field4'")</eval>
</done>
</search>
the lookup file has Field1, Field2, Field3, Field4 values
when the above search runs with tokens passed - token1,token2,token3 -- it lists out values the specific Field4 value matching with Field3,Field2,Field1 Value
& the tokens token1, token2, token3 are coming from inputs in the same XML.
Requirement:
1) if (Field2 or token2) AND (Field3 or token3) is not *, need to set the token4 value as Field4 value
2) if Field2 or token2 is *, need to set the token4 value as *
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If all that you need is to know the values of all of your tokens, then why not just use a tool that does that automatically for you? Try Developer Gadgets App for Splunk
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where do Field1, 2, ... come from. Where do the tokens come from? What's the content of abc.csv?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
fields are there in lookup file abc.csv
& the above tokens are coming from inputs in the XML.
lookup flle contain fields Field1,Field2,Field3,Field4
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What happens if you set token4 to result.Field2 or ...3 regardless of their value, i.e. without using the if-construct.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for reply
Yes the value of the Field2 is getting passed to token4, It was not working when i use eval if statement.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Had the same use-case as PowerPacked. Commenting in case anyone was able to find a solution to this. Thanks
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
