Re: field value invalid

vsid_splunk · ‎11-07-2014

I have used "typeof" to know the Types for fields for the data set in splunk web version, but I get the Value column showing invalid in each one of its corresponding rows.

top_splunker · ‎07-12-2022

@vsid_splunk try putting single quotes around the field name that is returning as invalid.

makelovenotwar · ‎07-13-2023

GENIUS!

vsid_splunk · ‎11-10-2014

@somesoni2 can you look at my search, sir?

vsid_splunk · ‎11-07-2014

sourcetype = json | FieldsTypes

This macro definition of FieldsTypes is.... eval Ent_Code = typeof ('TableEntry.EventCode')

So @somesoni2 , im seeing the Ent_Code as invalid in "value" column after I click on "AllFields"

somesoni2 · ‎11-07-2014

Can you post your search?

vsid_splunk · ‎11-07-2014

Can anyone "Please" Respond using #Tag. ASAP!

Raghav2384 · ‎11-10-2014

Never used typeof / didn't get there yet. May be this can help
http://answers.splunk.com/answers/177400/how-to-use-json-extracted-fields-with-eval-functio.html

cdstealer · ‎07-26-2018

just ran into this myself. single quotes fixed it. Thanks

When using "typeof, results are field value invalid

fields

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!