Solved: Is it possible to concatenate string with a number...

SumanPalisetty · ‎10-31-2022

Hi,

Can we concatenate a string with a number using eval with '.' operator? I got to know that from a video, but when i do it, I am able to do it. I don't know what is going on. Kindly help.

Regards

Suman P.

somesoni2 · ‎10-31-2022

The plus ( + ) operator accepts two numbers for addition, or two strings for concatenation.
The period ( . ) operator concatenates both strings and number. Numbers are concatenated in their string represented form.

Check if the field "action" has null values. If it does, whole eval expression will be null. In stead, try like this :

source= "2access_30DAY.log"
| eval "new_field"=coalesce('action',"Default String Here, change it per your need"). 10 | table "new_field"

View solution in original post

somesoni2 · ‎10-31-2022

The plus ( + ) operator accepts two numbers for addition, or two strings for concatenation.
The period ( . ) operator concatenates both strings and number. Numbers are concatenated in their string represented form.

Check if the field "action" has null values. If it does, whole eval expression will be null. In stead, try like this :

source= "2access_30DAY.log"
| eval "new_field"=coalesce('action',"Default String Here, change it per your need"). 10 | table "new_field"

SumanPalisetty · ‎10-31-2022

Sorry, I am being stupid. '.' operator allows concatenation of numeric and alphabets while '+' allows only concatenation of alphabets and numeric.

Regards

Suman P.

ITWhisperer · ‎10-31-2022

For some of your events the action field is null/not present

Is it possible to concatenate string with a number using eval?

search job inspector

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies