Inserts or overwrites values for a JSON node with the values provided and returns an updated JSON object. Returns the keys from the key-value pairs in a JSON object as a JSON array. Returns Splunk software native type values from a piece of JSON by matching literal strings in the event and extracting them as keys. The value is returned in either a JSON array, or a Splunk software native type value. This function returns a value from a piece of JSON and zero or more paths. Maps the elements of a proper JSON array into a multivalue field. Flattens arrays into their component values and appends those values to the ends of indicated arrays within a valid JSON document. Returns a string that indicates the field type, such as Number, String, Boolean, and so forth. Creates a new JSON object from members of key-value pairs. Appends values to the ends of indicated arrays within a JSON document. Creates a JSON array using a list of values.

Returns TRUE if the field value is a string. Returns TRUE if the field value is a number. Returns TRUE if the field value is not NULL. Returns TRUE if the field value is an integer. Returns TRUE if the field value is Boolean.

The time will be different for each event, based on when the event was processed. The time that eval function was computed. Takes a human readable time and renders it into UNIX time. Takes a UNIX time and renders it into a human readable format. Returns the time that the search was started. Adjusts the time by a relative time specifier.

Generates a new masked IP address by applying a mask to an IP address using a bitwise AND operation. Creates a formatted string based on a format description that you provide. Converts the input, such as a number or a Boolean value, to a string. Computes the md5 hash for the string value. Computes the sha1 hash for the string value. Computes the sha256 hash for the string value. Computes the sha512 hash for the string value.

This function is the opposite of the case function.
This function defaults to NULL if all conditions evaluate to TRUE. Takes a list of conditions and values and returns the value that corresponds to the condition that evaluates to FALSE. Returns TRUE if the event matches the search string. This function takes no arguments and returns NULL. Compares the values in two fields and returns NULL if the value in is equal to the value in. Returns TRUE if the regular expression finds a match against any substring of the string value. The lookup() function is available only to Splunk Enterprise users. Returns the output field or fields in the form of a JSON object. Returns TRUE if one of the values in the list matches a value that you specify. If the expression evaluates to TRUE, returns the, otherwise the function returns the. Takes one or more values and returns the first value that is not NULL. Returns TRUE when an IP address,, belongs to a particular CIDR subnet. Returns the first value for which the condition evaluates to TRUE.

Use the links in the table to learn more about each function and to see examples. Accepts alternating conditions and values. This table provides a brief description for each function. The following table is a quick reference of the supported evaluation functions, organized by category. There are two ways that you can see information about the supported evaluation functions:

| eval error=case(status = 200, "OK", status = 404, "Not found", true(), "Other")

The following example shows how to use the true() function to provide a default to the case function. In the following example, the cidrmatch function is used as the first argument in the if function. You can specify a function as an argument to another function.

If you want to append the literal string server at the end of the name, you would use dot notation like this in your search: name."server". For example, you have a field called name that contains the names of your servers.
In other words, when the function syntax specifies a string you can specify any expression that results in a string. Literal strings must be enclosed in double quotation marks.