9/13/2023

Splunk eval concatenate

RENAME: This command renames one or more fields. The command below renames the field "service" to "serviceType" and "RC" to "responseCode".
Example: | rename service AS serviceType, RC AS responseCode

FIELDS: This command keeps or removes specified fields from the search results. The command below will keep just three fields in your search result.

Let's say you want to create a new field, concatenate the values of multiple fields and place the result in the newly created field. The command below will create a new field called "Output" that holds the values of the two fields "request" and "RC", along with some static text.
The output will be something like: viewReport have a response code of 200

REPLACE: This command replaces field values with another value. The command below replaces the values "fetchReport" and "viewReport" with "Report" in the "serviceType" field.
Example: | replace fetchReport with Report, viewReport with Report in serviceType

TABLE: This command formats the results into tabular output.

TRANSACTION: This command merges events into a single event based upon a common identifier, below command will create events based on two events i.e.