Splunk Search

How to create a new field using eval and display it in a table?

mdufrasne
Explorer

I am struggling to make eval work with table.
Check out the screenshot below:

alt text

I would expect this to create a field titled Event_Detail, that it would represent the length and that they would be displayed with the table command, but that is not the case here.

I'm sure I am missing something simple.

0 Karma
1 Solution

jpolcari
Communicator

Try placing the field name within quotes: len("logdata.processInfo.ProcessName")

View solution in original post

jpolcari
Communicator

Try placing the field name within quotes: len("logdata.processInfo.ProcessName")

somesoni2
SplunkTrust
SplunkTrust

Dot (.) is a special char in eval (for concatenation) so you would need to quote it, single and double quotes both will work.

0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...