Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to run R script on data from a Splunk search?

clongo01
Engager
‎04-06-2015 10:24 AM

I wrote a R script that I'd like to run on data from a search in Splunk.
Unfortunately, the only examples of R scripts in Splunk do not use search data. How should I call my search data within the R commands? Currently, it does not recognize the data.

For example, if I wanted to run the script 'myscript.r' on search result data, how would I reference that data from a search in this command?
| r "
source('myscript.r')
result = myscript( data )
output = data.frame(Result=c(result))
"

When I run similar commands on my data I get the error
'command="r", object 'data' not found'

Any suggestions? Thanks!

Reply
1 Solution
Solved! Jump to solution
Solution

rfujara_splunk
Splunk Employee
Splunk Employee
‎04-08-2015 11:53 AM

The data passed to the R script is accessible thought the "input" variable. The result must be assigned to the "output" variable.

So either pass the script "inline" in quotes like this: | r " temp = some_r_function(input) \n output = another_r_function(temp) "
Or just name the R script (that you need to upload) like this: | r myscript.r

View solution in original post

Reply
Solved! Jump to solution
Solution

rfujara_splunk
Splunk Employee
Splunk Employee
‎04-08-2015 11:53 AM

The data passed to the R script is accessible thought the "input" variable. The result must be assigned to the "output" variable.

So either pass the script "inline" in quotes like this: | r " temp = some_r_function(input) \n output = another_r_function(temp) "
Or just name the R script (that you need to upload) like this: | r myscript.r

Reply
Solved! Jump to solution

SanthoshSreshta
Contributor
‎06-10-2015 12:32 AM

Hi @rfujara_splunk, can you please give me info on how to run it on splunk. I am also getting the same error as "No Data" when it is been saved as dashboard. am trying to use chart command. like as 

source = "loan_amount.csv" | 
r "
source('cal04.r') 
output=cast()
" | chart output

is it correct form to use.?

Regards,
Santhosh.

0 Karma
Reply
Solved! Jump to solution

leeyounsoo
Path Finder
‎05-29-2018 12:33 AM

r command is not avail....
splunk is not work... just stop status

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...