Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to pass search results to an R function?

SHR
New Member
‎05-26-2014 02:11 AM

Hi, I unsuccessfully tried the following approach:

sourcesystem=ABCD earliest=1313131313 latest=1313161616 | r "
source=('modlog.r')
output=modlog(input)
"

with the uploaded script 'modlog.r':

mod_log <- function(a){
p=a$ThreadID+1000
return(p)
}

The field ThreadID is just a number, changing to "p=as.numeric(a$ThreadID)+1000" leads to the same error.

The error I get is basically: command="r", could not find function "modlog".
However, if I upload other functions that don't use "input" as an argument then these are found.

The complete error text: command="r", konnte Funktion "modlog" nicht finden: Traceback (most recent call last): File "D:\Splunk\etc\apps\r\bin\r.py", line 186, in main fieldnames=fieldnames) File "D:\Splunk\etc\apps\r\bin\r.py", line 96, in r scripts.get_custom_scripts_path(), File "D:\Splunk\etc\apps\r\bin\framework.py", line 74, in exeute raise RError('%s' % err) RError: konnte Funktion "modlog" nicht finden

Can anybody see where I made a mistake?

Tags (1)
0 Karma
Reply

krwinters11
Path Finder
‎04-16-2015 10:23 AM

Along with @rfujara_splunk's answer, you need to edit your output line. It should be this:
output=mod_log(input)
Or like this:
output=data.frame(mod_log(input))

so, all together:
| r "
source('modlog.r') 
output = data.frame(mod_log(input))
"

0 Karma
Reply

rfujara_splunk
Splunk Employee
Splunk Employee
‎06-26-2014 01:35 AM

I think this is an syntax error. Just try to change the line:

source=('modlog.r')

to this:

source('modlog.r')

Does that work?

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

This month, we’re delivering several new innovations in Splunk Observability Cloud and Splunk AppDynamics ...

Getting Started with Splunk Artificial Intelligence, Insights for Nonprofits, and ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top