Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help) spl query

tkdguq0110
Path Finder
‎12-09-2020 11:30 PM

Hey guys. I'm a beginner of Splunk 
I have a one question. 
I  get a input value

but value has a space. so I want to remove it

here's my code

 

<input type="text"  token="field55">      // field55 is 'temp token'

<lable>test </lable>

<change>

<eval token="field5"> trim($value$)</eval> // field5 is 'real token'

</change>

</input>

.....

<query>

index=mail    mail_sender= "$field5$"
|  table mail_sender 

</query>

 

if I input like 'test123  '  the result value is 'test123' (no spaces) 
how can I do that?? 
So sorry hard to read
please help me out!!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎12-10-2020 04:10 AM

Isn't it possible to trim it in the search?

<form>
  <label>Text Space</label>
  <fieldset submitButton="false">
    <input type="text" token="input">
      <label>Input</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>|makeresults|eval acutal_text="$input$"|eval actal_length=len("$input$")|eval trimmed_text=trim(acutal_text)|eval trimmed_length=len(trimmed_text)</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>
---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

Reply
Solved! Jump to solution

Pbarboza
New Member
‎12-21-2020 08:27 AM

I have some files uploaded onto my splunk, but when I used spl like this (index=web sourcetype=access* status=200 product_name=* | table JSESSIONID,price,product_name), for example, I do not get any results.

What am I doing wrong? 

My email is barbozaprince@gmail.com

0 Karma
Reply
Solved! Jump to solution

tkdguq0110
Path Finder
‎12-10-2020 06:01 AM

Thank you for you answer 

If I input index  field,  Is it possible to use both Index and makeresults ?

 
0 Karma
Reply
Solved! Jump to solution

renjith_nair
Legend
‎12-10-2020 02:53 PM

@tkdguq0110 , that's just a run anywhere example with dummy data. So you can replace makeresults with your original search

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎12-10-2020 04:10 AM

Isn't it possible to trim it in the search?

<form>
  <label>Text Space</label>
  <fieldset submitButton="false">
    <input type="text" token="input">
      <label>Input</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>|makeresults|eval acutal_text="$input$"|eval actal_length=len("$input$")|eval trimmed_text=trim(acutal_text)|eval trimmed_length=len(trimmed_text)</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>
---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...