Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Error while creating eval expression for calculated fields in data models

pdantuuri0411
Explorer
‎09-19-2019 12:16 PM

I have a data model and defined about 5 fields. But one of the fields doesnt always have a value. I want it to show as "null" when there is no value in the log. So for this particular field, I created it as a calculated field(systemid) and gave an eval expression systemid=if(isnull(systemid),"NULL",systemid). Now I get the error "Error in 'eval' command: Fields cannot be assigned a boolean result. Instead, try if([bool expr], [expr], [expr])."

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-19-2019 01:00 PM

What you have should work. Try this alternative, however: systemid = coalesce(systemid, "NULL").

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

pdantuuri0411
Explorer
‎09-19-2019 01:18 PM

Thank you for the reply @rickgalloway

I just copy pasted systemid = coalesce(systemid, "NULL") in eval expression in calculated fields and I get the same error Error in 'eval' command: Fields cannot be assigned a boolean result. Instead, try if([bool expr], [expr], [expr]).

Regards.

0 Karma
Reply
Get Updates on the Splunk Community!

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...