Hello,

I have two fields, Vers0 and Vers1, given in hexadecimal. They encode the software version in the form Vers0.Vers1, so e.g. Vers0 = 0f and Vers1 = 10 --> Version: 15.16

Since I will be needing this again down the line, I figured let's make a "function" that, given these two fields, outputs the resulting version. I found the following example online:

[dec2hex(1)]
args = field_name
definition = eval $field_name$ = tostring($field_name$, "hex")
iseval = 0

Unfortunately, this is not the format I have access to; I have to use the Splunk tool to make a search macro. However, I do not understand its syntax. The docu here (click ) did not help at all.

This is my desired "logic" with the search-macro:

And then I use this "function" using the following search:

base search giving me fields Vers0 and Vers1| eval version = `eval_version(Vers0, Vers1)`

but this does not lead to success. Any insights into what I am doing wrong?

I apologize for this somewhat poor description, but Splunk really is doing my head in. How can simple things be this complicated ...

Thanks guys 🙂