Solved: inserting newline, tab into eval-ed field

gliptak · ‎11-12-2020

Running

| makeresults | eval s="foo\nbar"

displays

foo\nbar

and it is unclear if the variable has a newline or just contains "\n"

Is this the right syntax to insert newline (tab)?

ITWhisperer · ‎11-13-2020

copy and paste from notepad or something like that

View solution in original post

ITWhisperer · ‎11-13-2020

| makeresults | eval s="foo
bar"

gliptak · ‎11-13-2020

The gets me part way there. Shift-Enter works for newline. Would you also have a pointer for inserting Tab?

ITWhisperer · ‎11-13-2020

copy and paste from notepad or something like that

yuanliu · ‎06-26-2021

A really neat trick I keep forgetting! To insert literal newline without external editor/copy-n-paste, you can use "ctrl + <enter>" in SPL search editor.

inserting newline, tab into eval-ed field

eval

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation