Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

inserting newline, tab into eval-ed field

gliptak
Explorer
‎11-12-2020 01:36 PM

Running

| makeresults | eval s="foo\nbar"

 displays

foo\nbar

and it is unclear if the variable has a newline or just contains "\n"

Is this the right syntax to insert newline (tab)?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-13-2020 05:17 AM

copy and paste from notepad or something like that

View solution in original post

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-13-2020 12:11 AM 
| makeresults | eval s="foo
bar"
Reply
Solved! Jump to solution

gliptak
Explorer
‎11-13-2020 05:07 AM

The gets me part way there. Shift-Enter works for newline. Would you also have a pointer for inserting Tab?

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-13-2020 05:17 AM

copy and paste from notepad or something like that

Reply
Solved! Jump to solution

yuanliu
SplunkTrust
SplunkTrust
‎06-26-2021 12:36 AM

A really neat trick I keep forgetting!  To insert literal newline without external editor/copy-n-paste, you can use "ctrl + <enter>" in SPL search editor.

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...