Use the evaluation functions to evaluate an expression, based on your events, and return a result.

Section for a quick reference list of the evaluation functions.

You can use evaluation functions with the eval, fieldformat, and where commands, and as part of eval expressions with other commands.

All functions that accept strings can accept literal strings or any field.

All functions that accept numbers can accept literal numbers or any numeric field.

For most evaluation functions, when a string argument is expected, you can specify either a literal string or a field name. Literal strings must be enclosed in double quotation marks. In other words, when the function syntax specifies a string you can specify any expression that results in a string. For example, you have a field called name that contains the names of your servers. If you want to append the literal string server at the end of the name, you would use dot notation like this in your search: name."server".

You can specify a function as an argument to another function. In the following example, the cidrmatch function is used as the first argument in the if function.

The following example shows how to use the true() function to provide a default to the case function.

```
| eval error=case(status = 200, "OK", status = 404, "Not found", true(), "Other")
```

There are two ways that you can see information about the supported evaluation functions:

The following table is a quick reference of the supported evaluation functions, organized by category. This table provides a brief description for each function. Use the links in the table to learn more about each function and to see examples.

Accepts alternating conditions and values. Returns the first value for which the condition evaluates to TRUE.

Returns TRUE when an IP address,, belongs to a particular CIDR subnet.

Takes one or more values and returns the first value that is not NULL.

If the expression evaluates to TRUE, returns the, otherwise the function returns the.

Returns TRUE if one of the values in the list matches a value that you specify.

Returns the output field or fields in the form of a JSON object. The lookup() function is available only to Splunk Enterprise users.

Returns TRUE if the regular expression finds a match against any substring of the string value.

Compares the values in two fields and returns NULL if the value in is equal to the value in.

This function takes no arguments and returns NULL.

Returns TRUE if the event matches the search string.

Takes a list of conditions and values and returns the value that corresponds to the condition that evaluates to FALSE.