https://community.splunk.com/t5/Splunk-Search/Eval-search-help-can-t-seem-to-get-it-right/m-p/178472#M51323 <P>Hello,</P> <P>I am somewhat new to splunk but I am having issues creating a table for a search I am doing and I need assistance please.</P> <P>Example log:</P> <P>vip:vip_name_goes_here dns_response:0.008 http_code:200 time_total:0.523 url_effective:url_goes_here:80</P> <P>Search query I am trying to execute:</P> <P>index=* host=kjones* sourcetype="viphealth" | eval http_code="http_code:" | eval vip="vip:" | eval dns_response="dns_response:" | eval time_total="time_total:" | eval url_effective="url_effective" | table vip dns_response http_code time_total url_effective</P> <P>I know its wrong but how do I evaluate the sources defined in the log above? I have the ability to change the output of the log to different interesting fields if needed. I just want a table that will give me stats of all logs for these type. </P> <P>Example of how I want table to show:</P> <P>vip dns_response http_code time_total url_effective<BR /> vip:vip_name_goes_here dns_response:0.008 http_code:200 time_total:0.523 url_effective:url_goes_here</P> <P>Thanks for any help you can be.</P> Mon, 28 Sep 2020 16:43:24 GMT kj384g 2020-09-28T16:43:24Z https://community.splunk.com/t5/Splunk-Search/Eval-search-help-can-t-seem-to-get-it-right/m-p/178472#M51323 <P>Hello,</P> <P>I am somewhat new to splunk but I am having issues creating a table for a search I am doing and I need assistance please.</P> <P>Example log:</P> <P>vip:vip_name_goes_here dns_response:0.008 http_code:200 time_total:0.523 url_effective:url_goes_here:80</P> <P>Search query I am trying to execute:</P> <P>index=* host=kjones* sourcetype="viphealth" | eval http_code="http_code:" | eval vip="vip:" | eval dns_response="dns_response:" | eval time_total="time_total:" | eval url_effective="url_effective" | table vip dns_response http_code time_total url_effective</P> <P>I know its wrong but how do I evaluate the sources defined in the log above? I have the ability to change the output of the log to different interesting fields if needed. I just want a table that will give me stats of all logs for these type. </P> <P>Example of how I want table to show:</P> <P>vip dns_response http_code time_total url_effective<BR /> vip:vip_name_goes_here dns_response:0.008 http_code:200 time_total:0.523 url_effective:url_goes_here</P> <P>Thanks for any help you can be.</P> Mon, 28 Sep 2020 16:43:24 GMT https://community.splunk.com/t5/Splunk-Search/Eval-search-help-can-t-seem-to-get-it-right/m-p/178472#M51323 kj384g 2020-09-28T16:43:24Z https://community.splunk.com/t5/Splunk-Search/Eval-search-help-can-t-seem-to-get-it-right/m-p/178473#M51324 <P>Hi there</P> <P>Have you done any extractions from your events as yet?</P> Mon, 26 May 2014 22:01:06 GMT https://community.splunk.com/t5/Splunk-Search/Eval-search-help-can-t-seem-to-get-it-right/m-p/178473#M51324 denisevw 2014-05-26T22:01:06Z https://community.splunk.com/t5/Splunk-Search/Eval-search-help-can-t-seem-to-get-it-right/m-p/178474#M51325 <P>Hello,</P> <P>Thanks for the reply.</P> <P>No. I am not sure how to do that? Would I need to use the rex command?</P> Mon, 26 May 2014 22:04:23 GMT https://community.splunk.com/t5/Splunk-Search/Eval-search-help-can-t-seem-to-get-it-right/m-p/178474#M51325 kj384g 2014-05-26T22:04:23Z https://community.splunk.com/t5/Splunk-Search/Eval-search-help-can-t-seem-to-get-it-right/m-p/178475#M51326 <P>That fixed it thanks! I didn't know how to extract fields.</P> Mon, 26 May 2014 22:24:07 GMT https://community.splunk.com/t5/Splunk-Search/Eval-search-help-can-t-seem-to-get-it-right/m-p/178475#M51326 kj384g 2014-05-26T22:24:07Z