Hi peeps,
I receive the below error while running a query.
Below is my query:
eventtype=sfdc-login-history
| iplocation allfields=true SourceIp
| eval cur_t=_time
| streamstats current=t window=2 first(lat) as prev_lat first(lon) as prev_lon first(cur_t) as prev_t by Username
| eval time_diff=cur_t - prev_t
| distance outputField=distance inputFieldlat1=lat inputFieldLat2=prev_lat inputfieldLon1=lon inputFieldLon2=prev_lon
| eval time_diff=-1*time_diff
| eval ratio = distances3600/time_diff
| where ratio> 500
| geostats latfield=lat longfield=lon count by Application
Hi @syazwani ... As said by PickleRick, there is no Splunk command as "distance".
1) For other new Splunkers' info about Splunk's Search Commands.. pls check the Splunk search reference document.. https://docs.splunk.com/Documentation/Splunk/9.1.1/SearchReference/Rex
(I copied the rex command's link... on the left side you will see a list of commands, alphabetically)
2) This should be from an app or add-on... mostly from a macros.conf file from that app/add-on,
so pls try to look into the macros conf files.
3) May we know if this was working previously and just recently it didn't work? Were there any app/add-on upgrades?
4) Not sure, but let's try... that error msg has a yellow triangle.. like a Splunk warning msg.. are you able to click on it?.. does it give you more details?
5) On the internal logs for that app/add-on, do you see any warnings/errors?
Hi @inventsekar ,
Thank you for your feedback.
Yes, I'm currently using the Splunk App for Salesforce and this is our first time installing it. On the Splunk warning message, it didn't mention any details, only as the above screenshot. I did check the search.log, and the error shows "syntax error - script (path)".
I guess I need to fine-tune the query, or is there any other way I can work on this?
There is no such standard search command as "distance". It must come from an app you have installed. Consult the app's documentation for correct syntax.
Hi @PickleRick,
Noted on this. Yes, I am using the Splunk App for Salesforce and it is using the "distance" command. It seems like they don't have documentation for this app. By the way, thank you for your feedback.
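For readers following the thread, this is the calculation the query above appears to be after: the distance between a user's consecutive login locations, converted to a speed and compared against the 500 threshold. It is an added example, not part of any post here and not the Splunk App for Salesforce's own `distance` script. The haversine formula, the kilometre unit, reading the ratio as distance * 3600 / time_diff, and the sample events are all assumptions.

```python
import math
from collections import defaultdict

EARTH_RADIUS_KM = 6371.0  # assumption: km; the app's distance unit is not stated in the thread

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(min(1.0, math.sqrt(a)))  # clamp rounding error

def impossible_travel(events, max_speed=500.0):
    """Return (user, prev, cur, speed_per_hour) for consecutive logins by one
    user whose implied travel speed exceeds max_speed."""
    by_user = defaultdict(list)
    for ev in events:
        # Geo-IP lookups leave lat/lon empty for private or unknown addresses.
        if ev.get("lat") is None or ev.get("lon") is None:
            continue
        by_user[ev["Username"]].append(ev)
    hits = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["_time"])  # compare each login with the one before it
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            dt = cur["_time"] - prev["_time"]
            if dt <= 0:
                # Same-second logins: avoid dividing by zero; more than 1 km apart
                # (arbitrary tolerance for geo-IP jitter) counts as infinite speed.
                speed = math.inf if dist > 1.0 else 0.0
            else:
                speed = dist * 3600 / dt
            if speed > max_speed:
                hits.append((user, prev, cur, speed))
    return hits

# Constructed sample events using the field names from the query above.
SAMPLE = [
    {"Username": "alice@example.com", "_time": 1700000000, "lat": 51.5074, "lon": -0.1278},   # London
    {"Username": "alice@example.com", "_time": 1700001800, "lat": 40.7128, "lon": -74.0060},  # New York, 30 min later
    {"Username": "bob@example.com", "_time": 1700000000, "lat": 48.8566, "lon": 2.3522},      # Paris
    {"Username": "bob@example.com", "_time": 1700014400, "lat": 51.5074, "lon": -0.1278},     # London, 4 h later
    {"Username": "carol@example.com", "_time": 1700000000, "lat": None, "lon": None},         # no geo data
]

if __name__ == "__main__":
    for user, prev, cur, speed in impossible_travel(SAMPLE):
        print(f"{user}: {speed:.0f} km/h between logins at {prev['_time']} and {cur['_time']}")
```

Only the London to New York pair is flagged; the Paris to London pair works out to under 100 km/h and the event without coordinates is skipped.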