Hi; I have a query that ends as follows
| stats count(eval(HttpStatus LIKE "2__")) AS success
count(eval(HttpStatus LIKE "5__")) AS fail
count as total by host
And under the Splunk UI environment I get my results as desired.
But the issue I see is when I use the exact same query under the Splunk CLI/CURL call to the service, i get the following response
{'messages': [{'type': 'FATAL', 'text': "Error in 'stats' command: The eval expression for dynamic field 'eval(HttpStatus LIKE 2__)' is invalid. Error='The operator at '__' is invalid.'"}]}
I've tried different variations of encapsulating the "httpstatus" field but non of them were successful (tried escaping characters also)
Please advise in solving this issue
Much appreciated
Randy
... View more