From the course: Practical Splunk: Build Data Intelligence through SPL, Reports, and Dashboards
Join today to access over 25,500 courses taught by industry experts.
The eval command - Splunk Tutorial
From the course: Practical Splunk: Build Data Intelligence through SPL, Reports, and Dashboards
The eval command
- Eval command. If there is one command that you will see over and over in your SPLs, it will be eval. This is where the SPL almost becomes like a high level programming language. As you'll see, eval provides many, many logical expressions to basically play with your data. It helps with manipulating and enhancing your search results. Ultimately, the eval commander creates a new field based on the expression that you provide. If the field already exists, that is the name that you used to create the field already exists, the value of the field will be overwritten by the expression. There are many, many built-in functions available with eval, mathematical, conditional conversion, and a lot more. You already saw in stats command, we can use many mathematical functions. Eval takes it to the next level by providing lots of logical and comparison constructs, including mathematical functions. Here is a basic usage of eval. In this example, eval basically creates a new field called Kbytes, by…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.