Entries by

Harnessing Ingest-Time Eval Fields

Anyone familiar with writing search queries in Splunk would admit that eval is one of the most frequently used commands in their SPL toolkit. It’s in the same league as stats, timechart, and table. For the uninitiated, eval, as in any other programming context, evaluates an expression and returns the result. […]