Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Knowledge Management
- :
- Validation Expression is not working in my macro.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Validation Expression is not working in my macro.
I wanted to use macros to change whether or not to perform a subsequent search, depending on the results of a particular field.
So, I configured following macro for test, but it isn't working well.
Definition
eval status=$arg$Arguments
argValidation Expression
$arg$="OK"Validation Error Message
this is error!
I tried the following search for the test, but I get an error even if the flag is "OK".
| makeresults count=1
| eval flag="OK"
| `test(flag)`
Is something wrong with the settings?
Or is this a bug?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
マクロのValidation Expressionは使わないのが正解なんじゃないですか?
少し検証してみましたが、isnull、isnotnullくらいしかうまく動かない感じです。使いたければこの2つで制御するのをお勧めします。
Ver.7.0.3
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @yutaka1005
For the Validation expression use:
like($arg$, "OK")
Also, since you are specifying that the definition is an eval, do not tick 'use eval based expression'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Although I was checking the operation, it seems that the following Validation Expression does not apply to the value of field passed as an argument.
like($arg$, "OK")
In the above example, the field flag is passed, but it seems that Validation Expression doesn't judge value of flag, but the flag as string.
Is this a specification...?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for answer!
I changed validation expression, but it still not work...
(* I didn't tick 'use eval based expression')
By the way, my splunk version is 7.2.3
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
