Splunk® Data Stream Processor

Function Reference

On April 3, 2023, Splunk Data Stream Processor will reach its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.
This documentation does not apply to the most recent version of Splunk® Data Stream Processor. For documentation on the most recent version, go to the latest release.

Comparison

eq

Compares the left and right arguments and returns true if they are equal and false if they are not. It returns null if the arguments are not comparable.

Function Input
Left: T
Right: T
Function Output
boolean

DSL example

Returns events where timestamp is equal to 0. 

eq(get("timestamp"), "0");

gt

Compares the left and right arguments and returns true if the left is greater than the right and false if it is less. It returns null the arguments are not comparable.

Function Input
Left: T
Right: T
Function Output
boolean

DSL example

Returns events where the field "count" is greater than 10. 

gt(get("count"), "10");

gte

Compares the left and right arguments and returns true if the left is greater than or equal to the right and false if it is not. It returns null if the arguments are not comparable.

Function Input
Left: T
Right: T
Function Output
boolean

DSL example

Returns events where the field "nanos" is greater than or equal to 5. 

gte(get("nanos"), "5");

lt

Compares the left and right arguments and returns true if the left is less than the right and false if it is greater. It returns null if the arguments are not comparable.

Function Input
Left: T
Right: T
Function Output
boolean

DSL example

Returns events where the field "count" is less than 10000. 

lt(get("count"), 10000);

lte

Compares the left and right arguments and returns true of the left is less than or equal to the right and false if it is not. It returns null if the arguments are not comparable.

Function Input
Left: T
Right: T
Function Output
boolean

DSL example

Returns events where the timestamp is less than epoch-time 1554240547. 

lte(get("timestamp", 1554240547);
Last modified on 02 January, 2020
Boolean   Conditional

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.0.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters