Splunk Search

echo command in splunk

neeldesai1992
Path Finder

How can I print out any value or any result in splunk? Does splunk have any echo command system? eval didn't help me much.

Tags (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi neeldesai1992,
You can print out any result using the table command:
you can list the full _raw log ( | table _time _raw ) or selected fields ( | table _time field1 field2 fieldn ).

eval is a command to elaborate field values.

Bye.
Giuseppe

View solution in original post

0 Karma

pallivikas
New Member

If you are looking to print out multiple static values under different columns in the output, use the below query:

| stats count | eval Name="my name", Nickname="anything", Text="This is my custom text" | fields - count

 

Result looks like this:

image.png

 This can be of use when u want to display the text not available in the fields. Hope this helps.

 

 

0 Karma

niketn
Legend

@neeldesai1992, if you are starting with Splunk, you should go through basic Splunk tutorials on Splunk Education site : https://www.splunk.com/view/education-videos/SP-CAAAGB6

Also Splunk Fundamentals 1 Free Splunk course: https://www.splunk.com/view/SP-CAAAPX9
Or Using Splunk Free Course: https://www.splunk.com/view/SP-CAAAHSM

You should also try out Splunk Search Tutorial Step By Step Documentation on Splunk Docs.
http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi neeldesai1992,
You can print out any result using the table command:
you can list the full _raw log ( | table _time _raw ) or selected fields ( | table _time field1 field2 fieldn ).

eval is a command to elaborate field values.

Bye.
Giuseppe

0 Karma

s2_splunk
Splunk Employee
Splunk Employee

What do you mean by 'print out'? You can always display field values by doing something like this index=xyz sourcetype=abc | table fieldA fieldB fieldC
But I am not sure I understand your question.

0 Karma
Get Updates on the Splunk Community!

Cloud Platform | Customer Change Announcement: Email Notification Will Be Available ...

The Notification Team is migrating our email service provider since currently there’s no support ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...