Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does Splunk have an echo command

TonyLeeVT
Builder
‎03-28-2015 04:13 AM

Does Splunk have a command that could be used in the search field that would echo the response in the search results. It would operate similar to a Linux echo.

echo foo

> foo

Thanks

Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-28-2015 03:34 PM

Try this:

| stats count as echo | eval echo = "foo"

That'll produce one result with a field echo and a value "foo".

View solution in original post

Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎03-28-2015 06:13 PM

You can also do:

| localop | stats count | eval myliteral="Whatever" | table myliteral
0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-28-2015 03:34 PM

Try this:

| stats count as echo | eval echo = "foo"

That'll produce one result with a field echo and a value "foo".

Reply
Solved! Jump to solution

pacmac
Explorer
‎12-12-2019 12:19 AM

Why is the first | in front of stats needed? You don't need it to do just a search, but this stats command does not work without it. Thank you.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎12-12-2019 06:23 AM

Without the pipe you're searching for the word "stats" .

Note, by now there is the explicit command | makeresults to create an empty result, it's slightly more efficient than stats and much more readable.

Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 03:40 PM

Worked great, thanks.

0 Karma
Reply
Solved! Jump to solution

fdi01
Motivator
‎03-28-2015 09:38 AM

there no command in splunk that function exactly like the command ech of linux. but from a combination of command you get the result that you want .

and Display High values of a field , you can use commands such as "table"; "field" .....
to change the field values you use the "eval"; ...

you can use macro to simulate aproche

or map command, see this example can help you:

sourcetype=syslog sudo | stats count by user host | map search="search
index=ad_summary username=$user$ type_logon=ad_last_logon"
0 Karma
Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 03:00 PM

Not sure that will do the trick. Sorry. Can you be more precise? In fact, that answer looks like a direct copy and paste from an unrelated question and answer.

0 Karma
Reply
Solved! Jump to solution

nadid
Path Finder
‎03-28-2015 07:47 AM

|eval column='literal'

0 Karma
Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 02:54 PM

When entered in the search bar, no results are found. Can you please be more specific? Thanks.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-28-2015 05:22 AM

What are you trying to achieve?

0 Karma
Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 02:55 PM

Enter something in the search bar and it is returned in the search results. Similar to echo.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...