Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you make custom eval functions?

jamolson
Path Finder
‎05-13-2020 01:06 PM

I was curious, and was not able to find an answer online or here, if you are able to create custom eval subcommands.
What I mean by this are things like mvcount() or dc().
I have custom commands in a custom app using python now but rather than needing to call a whole new command I would like to do some of these in just an eval.
For example I made a macro that can convert a int of seconds into a human readable string to help display time deltas better. e.g 6234 would become "1 hour 43 minutes and 54 seconds". I would like to do something like:

| eval cleanTime = duration(seconds)

Rather than building a full custom command to do the following:

| duration outputfield=cleanTime seconds

I know the function's code are locked and are part of the source code but can I add to it?

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-13-2020 01:30 PM

There is no way to create custom eval functions.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-13-2020 01:30 PM

There is no way to create custom eval functions.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

jamolson
Path Finder
‎05-13-2020 01:43 PM

Well thats too bad, at least that's a clear answer.
Thank you for the help.

0 Karma
Reply
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...