Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to pass field value from search to write kind of an event in the same search using eval command?

ak9092
Path Finder
‎05-20-2022 07:38 AM

Hey Splunkers,

I am not sure if this is possible or not but what i was trying to do is something like passing the values of search in the eval command to basically form a statement or  an event .

So for example consider below search returns multiple users first name, last name and country details.

Now with that field values what i am trying to do is create a eval statement like below-

index=foo source=user_detail

|table first_name  last_name country

|eval statement = My name is "$first_name $ $last_name$ and i come from $country$

|table statement

 

But this is not passing those field values to eval statement, so anyone knows if there is a way we can do this ?

Thanks.

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-20-2022 08:04 AM

Hi @ak9092,

let me understand: you want to concatenatethree fields value in only one, is it correct?

if this is your need, please try this:

index=foo source=user_detail
| eval statement="My name is ".first_name." ".last_name." and i come from ".country
| table statement

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-20-2022 08:04 AM

Hi @ak9092,

let me understand: you want to concatenatethree fields value in only one, is it correct?

if this is your need, please try this:

index=foo source=user_detail
| eval statement="My name is ".first_name." ".last_name." and i come from ".country
| table statement

Ciao.

Giuseppe

Reply
Solved! Jump to solution

ak9092
Path Finder
‎05-20-2022 08:17 AM

That's exactly what I needed, Thanks much @gcusello 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-20-2022 08:26 AM

Hi @ak9092,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...