Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does Splunk have an echo command

TonyLeeVT
Builder
‎03-28-2015 04:13 AM

Does Splunk have a command that could be used in the search field that would echo the response in the search results. It would operate similar to a Linux echo.

echo foo

> foo

Thanks

Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-28-2015 03:34 PM

Try this:

| stats count as echo | eval echo = "foo"

That'll produce one result with a field echo and a value "foo".

View solution in original post

Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎03-28-2015 06:13 PM

You can also do:

| localop | stats count | eval myliteral="Whatever" | table myliteral
0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-28-2015 03:34 PM

Try this:

| stats count as echo | eval echo = "foo"

That'll produce one result with a field echo and a value "foo".

Reply
Solved! Jump to solution

pacmac
Explorer
‎12-12-2019 12:19 AM

Why is the first | in front of stats needed? You don't need it to do just a search, but this stats command does not work without it. Thank you.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎12-12-2019 06:23 AM

Without the pipe you're searching for the word "stats" .

Note, by now there is the explicit command | makeresults to create an empty result, it's slightly more efficient than stats and much more readable.

Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 03:40 PM

Worked great, thanks.

0 Karma
Reply
Solved! Jump to solution

fdi01
Motivator
‎03-28-2015 09:38 AM

there no command in splunk that function exactly like the command ech of linux. but from a combination of command you get the result that you want .

and Display High values of a field , you can use commands such as "table"; "field" .....
to change the field values you use the "eval"; ...

you can use macro to simulate aproche

or map command, see this example can help you:

sourcetype=syslog sudo | stats count by user host | map search="search
index=ad_summary username=$user$ type_logon=ad_last_logon"
0 Karma
Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 03:00 PM

Not sure that will do the trick. Sorry. Can you be more precise? In fact, that answer looks like a direct copy and paste from an unrelated question and answer.

0 Karma
Reply
Solved! Jump to solution

nadid
Path Finder
‎03-28-2015 07:47 AM

|eval column='literal'

0 Karma
Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 02:54 PM

When entered in the search bar, no results are found. Can you please be more specific? Thanks.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎03-28-2015 05:22 AM

What are you trying to achieve?

0 Karma
Reply
Solved! Jump to solution

TonyLeeVT
Builder
‎03-28-2015 02:55 PM

Enter something in the search bar and it is returned in the search results. Similar to echo.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Top