Solved: Why am I yielding an error with Where Statement fo...

blablabla · ‎07-20-2022

Hello,

I am experiencing an interesting Issue. I am trying to filter for a specific value in a numeric field. Following statement works finde:

index="IndexA" 
| eval A.distance=trim('A.distance',"'") 
| eval A.distance='A.distance'/100 
| search A.distance=1

If I am trying to replace the search with a where, I am getting the Error "Error in 'where' command: Type checking failed. The '==' operator received different types."

index="IndexA" 
| eval A.distance=trim('A.distance',"'") 
| eval A.distance='A.distance'/100 
| where A.distance=1

Event Coverage if this value is 100% and all the values get for typeof() the result "Number". All of the values do not have a digit after the comma. We are using Splunk Enterprise 8.2.3.3 . Does someone know, why the where statement is yielding an error in this case?

Thanks

ITWhisperer · ‎07-20-2022

Try not to have special characters in field names - if you want to continue with them, put the field name in single quotes

| where 'A.distance'=1

View solution in original post

ITWhisperer · ‎07-20-2022

Try not to have special characters in field names - if you want to continue with them, put the field name in single quotes

| where 'A.distance'=1

Why am I yielding an error with Where Statement for exact numeric value?

other

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7