Use of == with or operator

arabhi — Fri, 05 Jun 2020 23:11:50 GMT

I want to compare some data with fields and then rename the data matched with fields. Since we have large set of data and comparing of all those data with fields it makes query bulky. Can anyone give efficient code for this??

Example: stats count(eval(fieldname=="some data" OR fieldname=="some data")) as XYZ count(eval(fieldname=="some data" OR fieldname=="some data" OR fieldname=="some data" fieldname=="some data" fieldname=="some data"fieldname=="some data"fieldname=="some data"fieldname=="some data"fieldname=="some data")) as ABC..............by fieldname

Re: Use of == with or operator

to4kawa — Sun, 24 May 2020 00:00:27 GMT

make CSV for lookup and use lookup command
and aggregate the output

Re: Use of == with or operator

PavelP — Sun, 24 May 2020 11:46:34 GMT

Hello @arabhi,

 stats count(eval(fieldname IN ("value1", "value2", "value3"))) AS XYZ

topic Use of == with or operator in Splunk Search

Use of == with or operator

Re: Use of == with or operator

Re: Use of == with or operator