Documentation > Splunk > Search Reference > mappy

Search Reference

 


Introduction
Search Overview
Search Reference Overview
Search Commands and Functions
Search Command Reference
Custom Search Commands
Internal Search Commands
Search in the CLI

mappy

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

mappy

This command is experimental and not currently supported by Splunk.

Synopsis

Similar to the eval operator, calls the python expression for each result, calculating the outfield. Uses python to evaluate.

Syntax

mappy <outfield> = <python expression>

Arguments

outfield
Syntax: <field>
Description: Specify a field name to save the output of the Python expression.
python expression
Syntax: <python expression>
Description: An expression that uses a Python operation to calculate the result.

Description

The mappy command, which stands for 'map Py(thon)', is used similar to the eval operator. The difference is that mappy uses the Python to evaluate the expression and calculate the output field.

It includes convenient packages for most common operations, such as re, sys, math, random, datetime, time, xml, lxml, StringIO, lxml.etree, platform, hashlib, difflib, base64, xml.sax.saxutils,etree. Does not allow Python expressions containing "open", "write", "read", or "import".

Examples

Example 1: Calculate math:

... | mappy score = int(_time) * random.randint(1,5)

Example 2: Similar to iconify:

... | mappy _icon = "hashlib.md5(_raw).hexdigest()"

Example 3: Data cleaning, make sure the value of the department field is one of the valid choices.

... | mappy department = "difflib.get_close_matches(department, ['engineering', 'marketing', 'sales'], cutoff=0)[0]"

Example 4: Anonymize email addresses.

... | mappy _raw = "re.sub('(?i)([a-z0-9.-]+@[a-z0-9.-]+)', 'user@company.com', _raw)"

Example 5: Xpath extractions.

... | mappy author = etree.parse(StringIO.StringIO(_raw)).xpath("//bookstore/boot/@author")'

See also

extract, iconify, reducepy, rex, xmlkv, xpath, xmlunescape

Answers

Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the mappy command.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.3/SearchReference/Mappy"

This documentation applies to the following versions of Splunk: 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!