Syntax Error while using "distance" command

Hi peeps,

I receive the below error while running a query.

error on dashboard.png

Below is my query:

| iplocation allfields=true SourceIp
| eval cur_t=_time
| streamstats current=t window=2 first(lat) as prev_lat first(lon) as prev_lon first(cur_t) as prev_t by Username
| eval time_diff=cur_t - prev_t
| distance outputField=distance inputFieldlat1=lat inputFieldLat2=prev_lat inputfieldLon1=lon inputFieldLon2=prev_lon
| eval time_diff=-1*time_diff
| eval ratio = distances3600/time_diff
| where ratio> 500 
| geostats latfield=lat longfield=lon count by Application



Hi @syazwani ... As said by PickleRick, there is no Splunk command called "distance".

1) For other new Splunkers' info about Splunk's search commands.. pls check the Splunk search reference document.. https://docs.splunk.com/Documentation/Splunk/9.1.1/SearchReference/Rex

(I copied the rex command's link... on the left side you will see a list of commands, alphabetically)

2) This should be from an app or add-on... mostly from a macros.conf file from that app/add-on.

So, pls try to look into the macros conf files.

3) May we know if this was working previously and just recently it didn't work? Were there any app/add-on upgrades?

4) Not sure, but let's try... that error msg has a yellow triangle.. like a Splunk warning msg.. are you able to click on it?.. does it give you more details?

5) In the internal logs for that app/add-on, do you see any warnings/errors?


Hi @inventsekar ,

Thank you for your feedback.

Yes, I'm currently using the Splunk App for Salesforce and this is our first time installing it. The Splunk warning message didn't mention any details, only what is in the above screenshot. I did check the search.log, and the error shows "syntax error - script (path)".

I guess I need to fine-tune the query, or is there any other way I can work on this?


There is no such standard search command as "distance". It must come from an app you have installed. Consult the app's documentation for correct syntax.

Hi @PickleRick,

Noted on this. Yes, I am using the Splunk App for Salesforce and it is using the "distance" command. It seems like they don't have documentation for this app. Btw, thank you for your feedback.
