Splunk Enterprise Security

Can you make custom eval functions?

jamolson
Path Finder

I was curious, and was not able to find an answer online or here, if you are able to create custom eval subcommands.
What I mean by this are things like mvcount() or dc().
I have custom commands in a custom app using python now but rather than needing to call a whole new command I would like to do some of these in just an eval.
For example I made a macro that can convert a int of seconds into a human readable string to help display time deltas better. e.g 6234 would become "1 hour 43 minutes and 54 seconds". I would like to do something like:

| eval cleanTime = duration(seconds)

Rather than building a full custom command to do the following:

| duration outputfield=cleanTime seconds

I know the function's code are locked and are part of the source code but can I add to it?

Labels (1)
1 Solution

richgalloway
SplunkTrust
SplunkTrust

There is no way to create custom eval functions.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

There is no way to create custom eval functions.

---
If this reply helps you, Karma would be appreciated.
0 Karma

jamolson
Path Finder

Well thats too bad, at least that's a clear answer.
Thank you for the help.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...