Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does Splunk have an echo command

TonyLeeVT
Builder
‎03-28-2015 04:13 AM

Does Splunk have a command that could be used in the search field that would echo the response in the search results. It would operate similar to a Linux echo.

echo foo

> foo

Thanks

Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-28-2015 03:34 PM

Try this:

| stats count as echo | eval echo = "foo"

That'll produce one result with a field echo and a value "foo".

View solution in original post

Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎03-28-2015 06:13 PM

You can also do:

| localop | stats count | eval myliteral="Whatever" | table myliteral
0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-28-2015 03:34 PM

Try this:

| stats count as echo | eval echo = "foo"

That'll produce one result with a field echo and a value "foo".

Reply
Solved! Jump to solution

pacmac
Explorer
‎12-12-2019 12:19 AM

Why is the first | in front of stats needed? You don't need it to do just a search, but this stats command does not work without it. Thank you.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎12-12-2019 06:23 AM

Without the pipe you're searching for the word "stats" .

Note, by now there is the explicit command | makeresults to create an empty result, it's slightly more efficient than stats and much more readable.

Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 03:40 PM

Worked great, thanks.

0 Karma
Reply
Solved! Jump to solution

fdi01
Motivator
‎03-28-2015 09:38 AM

there no command in splunk that function exactly like the command ech of linux. but from a combination of command you get the result that you want .

and Display High values of a field , you can use commands such as "table"; "field" .....
to change the field values you use the "eval"; ...

you can use macro to simulate aproche

or map command, see this example can help you:

sourcetype=syslog sudo | stats count by user host | map search="search
index=ad_summary username=$user$ type_logon=ad_last_logon"
0 Karma
Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 03:00 PM

Not sure that will do the trick. Sorry. Can you be more precise? In fact, that answer looks like a direct copy and paste from an unrelated question and answer.

0 Karma
Reply
Solved! Jump to solution

nadid
Path Finder
‎03-28-2015 07:47 AM

|eval column='literal'

0 Karma
Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 02:54 PM

When entered in the search bar, no results are found. Can you please be more specific? Thanks.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-28-2015 05:22 AM

What are you trying to achieve?

0 Karma
Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 02:55 PM

Enter something in the search bar and it is returned in the search results. Similar to echo.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...