Splunk Enterprise Security

Can you make custom eval functions?

Path Finder

I was curious, and was not able to find an answer online or here, if you are able to create custom eval subcommands.
What I mean by this are things like mvcount() or dc().
I have custom commands in a custom app using python now but rather than needing to call a whole new command I would like to do some of these in just an eval.
For example I made a macro that can convert a int of seconds into a human readable string to help display time deltas better. e.g 6234 would become "1 hour 43 minutes and 54 seconds". I would like to do something like:

| eval cleanTime = duration(seconds)

Rather than building a full custom command to do the following:

| duration outputfield=cleanTime seconds

I know the function's code are locked and are part of the source code but can I add to it?

Labels (1)
1 Solution

SplunkTrust
SplunkTrust

There is no way to create custom eval functions.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

There is no way to create custom eval functions.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

Path Finder

Well thats too bad, at least that's a clear answer.
Thank you for the help.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!