Splunk Search

Calculated field

VijaySrrie
Builder

Hi Team,

How to write a calculated field for below 

| eval action=case(like("request.path","auth/ldap/login/names"),"success")

Names field will be changeing
Above one is not working

Labels (1)
0 Karma
1 Solution

yuanliu
SplunkTrust
SplunkTrust

Assuming request.path is a field name, you are looking for 

| eval action=case(like('request.path',"auth/ldap/login/names"),"success")

 

View solution in original post

0 Karma

yuanliu
SplunkTrust
SplunkTrust

Assuming request.path is a field name, you are looking for 

| eval action=case(like('request.path',"auth/ldap/login/names"),"success")

 

0 Karma
Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...