Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Syntax Error while using "distance" command

syazwani
Path Finder
‎10-15-2023 10:03 PM

Hi peeps,

I receive below error while running a query.

error on dashboard.png

below is my query;

eventtype=sfdc-login-history 
| iplocation allfields=true SourceIp 
| eval cur_t=_time 
| streamstats current=t window=2 first(lat) as prev_lat first(lon) as prev_lon first(cur_t) as prev_t by Username 
| eval time_diff=cur_t - prev_t 
| distance outputField=distance inputFieldlat1=lat inputFieldLat2=prev_lat inputfieldLon1=lon inputFieldLon2=prev_lon
| eval time_diff=-1*time_diff
| eval ratio = distances3600/time_diff
| where ratio> 500 
| geostats latfield=lat longfield=lon count by Application

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-16-2023 02:43 AM

Hi @syazwani ... As said by PickleRick, there is no Splunk command as "distance"

1) For other new Splunker's info about Splunk's Search Commands.. pls check the Splunk search reference document.. https://docs.splunk.com/Documentation/Splunk/9.1.1/SearchReference/Rex

(i copied rex command's link... on the left side you will see a list of commands, alphabetically)

2) this should be from a app or add-on... mostly from a macros.conf file from that app/add-on 

so, pls try to look into the macros conf files. 

3) may we know if this was working previously and just recently it didnt work? was there any app/add-on upgrades? 

4) not sure, but, lets try... that error msg got an yellow triangle.. like a splunk warning msg.. are you able to click on it?.. does it give you more details? 

5) on the internal logs for that app/add-on, do you see any warnings/errors 

 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Reply

syazwani
Path Finder
‎10-16-2023 08:44 PM

Hi @inventsekar ,

Thank you for your feedback.

Yes, I'm currently using the Splunk App for Salesforce and this is our first time installing it. On the Splunk warning message, it didnt mentioned any details, only as the above screenshot. I did check on the search.log, they error show "syntax error - script (path)".

I guess i need to fine tuned the query or is there any other way I can work on?

Tags (1)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-16-2023 12:55 AM

There is no such standard search command as "distance". It must come from an app you have installed. Consult the app's documentation for correct syntax.

Reply

syazwani
Path Finder
‎10-16-2023 08:47 PM

Hi @PickleRick,

Noted on this. Yes I am using the Splunk App for Salesforce and it is using the "distance" command. Seems like they dont have a documentation for this app. Btw thankyou for your feedback.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...
Top