Creates a new field by evaluating the provided expression. The eval string
must always start with an assignment (f=expr). The result is stored in a
field with that name. In an expression, it's possible to supply names of
fields, strings and numbers. The operators available are
==, !=, as well as
+, -, *, and
/ and parenthesized expressions.
In context of an eval() expression — unlike
filters — identifiers always denote field values. For example,
eval( is_warning= (loglevel==WARN) ) is most likely
wrong; you want to write (loglevel=="WARN"). The order
of evaluation of arguments is left to right.
Parameters
Accepts a statement to be evaluated.
Examples
Get response size in KB
eval(responsesize = responsesize / 1024)Add fields together
eval(c = a + b)Match a field to the timespan. Count should be per minute (not 5 minutes as the bucket span is)
timechart(method, span=5min) | eval(_count=_count/5)