Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you do a multiline eval command in a datamodel for an eval field?

ebs
Communicator
‎07-27-2021 11:38 PM

Whenever I've created eval fields before in a data model they're just a single command. Is it possible to do a multiline eval command for a field? This is what I want to make into a single field:

| eval AEST_time=_time+36000
| convert timeformat="%Y-%m-%dT%H:%M:%S.%3Q %Z" ctime(AEST_time)
| eval epoch=strptime(AEST_time, "%Y-%m-%dT%H:%M:%S.%3Q %Z")
| eval date=strftime(epoch, "%Y-%m-%d")

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-27-2021 11:59 PM

Hi @ebs 

You shall get the same output with this, when you add something to _time it will be by default coverted to ePoch

 

| eval date=strftime(toNumber(_time+36000), "%Y-%m-%d")

 

 

View solution in original post

Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-27-2021 11:59 PM

Hi @ebs 

You shall get the same output with this, when you add something to _time it will be by default coverted to ePoch

 

| eval date=strftime(toNumber(_time+36000), "%Y-%m-%d")

 

 

Reply
Solved! Jump to solution

ebs
Communicator
‎07-28-2021 03:49 PM

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Get Schooled with Splunk Education: Explore Our Latest Courses

At Splunk Education, we’re dedicated to providing incredible learning experiences that cater to every skill ...

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...