Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: field value invalid
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When using "typeof, results are field value invalid
vsid_splunk
Explorer
11-07-2014
09:22 AM
I have used "typeof" to know the Types for fields for the data set in splunk web version, but I get the Value column showing invalid in each one of its corresponding rows.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
top_splunker
Engager
07-12-2022
06:02 AM
@vsid_splunk try putting single quotes around the field name that is returning as invalid.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
makelovenotwar
Path Finder
07-13-2023
08:49 AM
GENIUS!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vsid_splunk
Explorer
11-10-2014
06:56 AM
@somesoni2 can you look at my search, sir?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vsid_splunk
Explorer
11-07-2014
12:19 PM
sourcetype = json | FieldsTypes
This macro definition of FieldsTypes is.... eval Ent_Code = typeof ('TableEntry.EventCode')
So @somesoni2 , im seeing the Ent_Code as invalid in "value" column after I click on "AllFields"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
11-07-2014
10:41 AM
Can you post your search?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vsid_splunk
Explorer
11-07-2014
09:24 AM
Can anyone "Please" Respond using #Tag. ASAP!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Raghav2384
Motivator
11-10-2014
07:32 AM
Never used typeof / didn't get there yet. May be this can help
http://answers.splunk.com/answers/177400/how-to-use-json-extracted-fields-with-eval-functio.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cdstealer
Contributor
07-26-2018
03:28 AM
just ran into this myself. single quotes fixed it. Thanks
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
