Re: field value invalid

vsid_splunk · ‎11-07-2014

I have used "typeof" to know the Types for fields for the data set in splunk web version, but I get the Value column showing invalid in each one of its corresponding rows.

top_splunker · ‎07-12-2022

@vsid_splunk try putting single quotes around the field name that is returning as invalid.

makelovenotwar · ‎07-13-2023

GENIUS!

vsid_splunk · ‎11-10-2014

@somesoni2 can you look at my search, sir?

vsid_splunk · ‎11-07-2014

sourcetype = json | FieldsTypes

This macro definition of FieldsTypes is.... eval Ent_Code = typeof ('TableEntry.EventCode')

So @somesoni2 , im seeing the Ent_Code as invalid in "value" column after I click on "AllFields"

somesoni2 · ‎11-07-2014

Can you post your search?

vsid_splunk · ‎11-07-2014

Can anyone "Please" Respond using #Tag. ASAP!

Raghav2384 · ‎11-10-2014

Never used typeof / didn't get there yet. May be this can help
http://answers.splunk.com/answers/177400/how-to-use-json-extracted-fields-with-eval-functio.html

cdstealer · ‎07-26-2018

just ran into this myself. single quotes fixed it. Thanks

When using "typeof, results are field value invalid

fields

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout