Eval & 404 error code search Splunk Commands example:
index ="main" | status ="404" | top limit = 50 url
Naming concatenation:
index ="main" | eval new_field = 'Firstname' + 'LastName' | table "Firstname" + "Lastname", new_field
. for integer concatenation.
index ="main" | eval new_field = 'Firstname' + 'LastName'.100 | table "Firstname" + "Lastname", new_field
override:
index = "main"| eval "firstname" = 'Firstname'.100 | table "firstname"
index ="main" | eval F1 = "Karthik", F2 = "Sid" | table "F1","F2"
Comments
Post a Comment