I have used "typeof" to know the Types for fields for the data set in splunk web version, but I get the Value column showing invalid in each one of its corresponding rows.
@vsid_splunk try putting single quotes around the field name that is returning as invalid.
@somesoni2 can you look at my search, sir?
sourcetype = json | FieldsTypes
FieldsTypes
This macro definition of FieldsTypes is.... eval Ent_Code = typeof ('TableEntry.EventCode')
So @somesoni2 , im seeing the Ent_Code as invalid in "value" column after I click on "AllFields"
Can you post your search?
Can anyone "Please" Respond using #Tag. ASAP!
Never used typeof / didn't get there yet. May be this can help http://answers.splunk.com/answers/177400/how-to-use-json-extracted-fields-with-eval-functio.html
just ran into this myself. single quotes fixed it. Thanks
