https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/560765#M159381 <P>I have a non numerical field (text), and I want to create an enum field.&nbsp;</P><P>Meaning that I will have a new field with numerical values that match the text values of the original field.&nbsp;</P><P>Thanks <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 26 Jul 2021 11:42:06 GMT ndd 2021-07-26T11:42:06Z https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/560765#M159381 <P>I have a non numerical field (text), and I want to create an enum field.&nbsp;</P><P>Meaning that I will have a new field with numerical values that match the text values of the original field.&nbsp;</P><P>Thanks <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 26 Jul 2021 11:42:06 GMT https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/560765#M159381 ndd 2021-07-26T11:42:06Z https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/560768#M159382 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/236806">@ndd</a>&nbsp;</P><P>Can you please explain more with example like sample value of&nbsp;<SPAN>non numerical field and expected&nbsp;results from that field.</SPAN></P><P><SPAN>KV</SPAN></P> Mon, 26 Jul 2021 11:49:20 GMT https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/560768#M159382 kamlesh_vaghela 2021-07-26T11:49:20Z https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/560769#M159383 <P>Sure.&nbsp;</P><P>Assume the following table</P><TABLE border="1" width="100%"><TBODY><TR><TD width="25%" height="25px"><STRONG>Id</STRONG></TD><TD width="12.5%" height="25px"><STRONG>Message</STRONG></TD><TD width="12.5%" height="25px"><STRONG>...</STRONG></TD></TR><TR><TD width="25%" height="25px">1</TD><TD width="12.5%" height="25px">Success</TD><TD width="12.5%" height="25px">...</TD></TR><TR><TD width="25%" height="25px">2</TD><TD width="12.5%" height="25px">Fail</TD><TD width="12.5%" height="25px">...</TD></TR><TR><TD width="25%" height="25px">3</TD><TD width="12.5%" height="25px">Error</TD><TD width="12.5%" height="25px">...</TD></TR><TR><TD width="25%" height="25px">4</TD><TD width="12.5%" height="25px">Success</TD><TD width="12.5%" height="25px">...</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>I want to get another field that will automatically assign a number to each message. (This number can be a random number or serial, what is important for me is that the numerical values from the new field correlate to the "message" field.&nbsp;</P><TABLE border="1" width="75%"><TBODY><TR><TD width="25%" height="25px"><STRONG>Id</STRONG></TD><TD width="25%" height="25px"><STRONG>Message</STRONG></TD><TD width="12.5%" height="25px"><STRONG>(New Field)</STRONG></TD><TD width="12.5%" height="25px"><STRONG>...</STRONG></TD></TR><TR><TD width="25%" height="25px">1</TD><TD width="25%" height="25px">Success</TD><TD width="12.5%" height="25px">1</TD><TD width="12.5%" height="25px">...</TD></TR><TR><TD width="25%" height="25px">2</TD><TD width="25%" height="25px">Fail</TD><TD width="12.5%" height="25px">2</TD><TD width="12.5%" height="25px">...</TD></TR><TR><TD width="25%" height="25px">3</TD><TD width="25%" height="25px">Error</TD><TD width="12.5%" height="25px">3</TD><TD width="12.5%" height="25px">...</TD></TR><TR><TD width="25%" height="25px">4</TD><TD width="25%" height="25px">Success</TD><TD width="12.5%" height="25px">1</TD><TD width="12.5%" height="25px">...</TD></TR></TBODY></TABLE> Mon, 26 Jul 2021 12:04:44 GMT https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/560769#M159383 ndd 2021-07-26T12:04:44Z https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/560781#M159386 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/236806">@ndd</a>&nbsp;</P><P>Can you please try this?</P><LI-CODE lang="markup">YOUR_SEARCH | eval anotherField=case(Message="Success",1,Message="Fail",2,Message="Error",3)</LI-CODE><P>&nbsp;</P><P><STRONG>My Sample Search :</STRONG></P><LI-CODE lang="markup">| makeresults | eval _raw="Id Message ... 1 Success ... 2 Fail ... 3 Error ... 4 Success" | multikv forceheader=1 | table Id Message | eval anotherField=case(Message="Success",1,Message="Fail",2,Message="Error",3)</LI-CODE><P><BR />&nbsp;Thanks<BR />KV<BR />▄︻̷̿┻̿═━一 &nbsp; ?<BR /><BR />If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.</P> Mon, 26 Jul 2021 12:45:11 GMT https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/560781#M159386 kamlesh_vaghela 2021-07-26T12:45:11Z https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/561618#M195364 <P>Hi KV,&nbsp;</P><P>Actually I am looking to&nbsp;<SPAN>automatically assign the number.&nbsp;</SPAN></P><P><SPAN>I have around 100 values of "message" therefore a "case when" type solution does not work here.&nbsp;</SPAN></P><P><SPAN>The number that is assigned can be random, what is important is to be able to correlate between logs according to this new number field. </SPAN></P><P><SPAN>Is there a solution for this?</SPAN></P><P>Thanks!</P> Sun, 01 Aug 2021 10:22:38 GMT https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/561618#M195364 ndd 2021-08-01T10:22:38Z https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/561619#M195365 <LI-CODE lang="markup">| makeresults | eval _raw="Id Message ... 1 Success ... 2 Fail ... 3 Error ... 4 Success" | multikv forceheader=1 | table Id Message | eventstats values(Message) as enum_key | eval enum=mvfind(enum_key,Message) | table Id Message enum</LI-CODE> Sun, 01 Aug 2021 10:33:41 GMT https://community.splunk.com/t5/Splunk-Search/Enum-for-non-numerical-values/m-p/561619#M195365 ITWhisperer 2021-08-01T10:33:41Z