Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

[help]eval expression for dynamic field is invalid

cheriemilk
Path Finder
‎01-14-2020 12:33 AM

Hi Team,

I have below appendpipe clause
| appendpipe
[| eventstats first(eval("step3".mvindex(list_behavior,2))) as start, first(eval(if(isnull(mvindex(list_behavior,3))), "step4".mvindex(list_behavior,3), "exit")) as end by UserID]

But I got the an error when searching
Error in 'eventstats' command: The eval expression for dynamic field 'eval(if(isnull(mvindex(list_behavior,3))), "step4".mvindex(list_behavior,3), "exit")' is invalid. Error='The operator at ', "Cherie", "exit"' is invalid.'.

I want to judge first that if the index list_behavior[3] exist or not. If exist, keep the original value, if not, fill in with "exist"

What the correct syntax format should be here ?

Best Regards,
Cherie

Tags (1)
0 Karma
Reply

to4kawa
Ultra Champion
‎01-14-2020 01:14 AM 
....
| appendpipe
[| eventstats first(eval("step3".mvindex(list_behavior,2))) as start, first(eval(if(mvcount(list_behavior)=3, "step4".mvindex(list_behavior,3), "exit"))) as end by UserID]

Hi, @cheriemilk
how about this?

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...