Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a new field using eval and display it in a table?

mdufrasne
Explorer
‎05-20-2016 01:06 PM

I am struggling to make eval work with table.
Check out the screenshot below:

alt text

I would expect this to create a field titled Event_Detail, that it would represent the length and that they would be displayed with the table command, but that is not the case here.

I'm sure I am missing something simple.

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jpolcari
Communicator
‎05-20-2016 01:15 PM

Try placing the field name within quotes: len("logdata.processInfo.ProcessName")

View solution in original post

Reply
Solved! Jump to solution
Solution

jpolcari
Communicator
‎05-20-2016 01:15 PM

Try placing the field name within quotes: len("logdata.processInfo.ProcessName")

Reply
Solved! Jump to solution

somesoni2
SplunkTrust
SplunkTrust
‎05-20-2016 01:28 PM

Dot (.) is a special char in eval (for concatenation) so you would need to quote it, single and double quotes both will work.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...