https://community.splunk.com/t5/Splunk-Search/Logic-for-looped-if-greater-than-statement/m-p/574525#M200217 <P>Maybe you can clarify what is expected from this "nested loop" and how is results from the logic you created so far different from the expectation?</P><P>By the way, the last if() statement in your illustration is incomplete in syntax. &nbsp;It should be something like</P><P>| eval Then_Set=if(ABC&gt;2500,strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y"), "none")</P><P>For example,</P><P>&nbsp;</P><LI-CODE lang="markup">| makeresults | eval ABC="2800", DEF="3", GHI="5" | eval rel_Time="11102021" | eval Epoch_Time=strpTime(rel_Time,"%m%d%Y") | eval Human_readable=strfTime(Epoch_Time, "%B %d, %Y") | eval Service=if(ABC&gt;2500, "Send Alert", "No Alert") | eval Add_1Day=strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y") | eval Then_Set=if(ABC&gt;2500,strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y"), "none") | table Service Epoch_Time Human_readable Add_1Day Then_Set</LI-CODE><P>&nbsp;</P><P>gets you</P><TABLE><TBODY><TR><TD>Service</TD><TD>Epoch_Time</TD><TD>Human_readable</TD><TD>Add_1day</TD><TD>Then_Set</TD></TR><TR><TD>Send Alert</TD><TD>1636531200.000000</TD><TD>November 10, 2021</TD><TD>November 11, 2021</TD><TD>November 11, 2021</TD></TR></TBODY></TABLE> Thu, 11 Nov 2021 06:43:31 GMT yuanliu 2021-11-11T06:43:31Z https://community.splunk.com/t5/Splunk-Search/Logic-for-looped-if-greater-than-statement/m-p/574521#M200215 <P>Hey There,&nbsp;</P><P>Below I have a field in where ABC &gt; 2500 cuz the value is actually 2800. So then If ABC&gt;than 2500 add 1 day to the Human_readable field. I have already created the logic to adding 1 day to the Human_readable field.... Question now is how can I write the logic for it in a nested loop? So If ABC&gt;2500 add 1 day to human readable.&nbsp;<BR /><BR />This is my logic that I have thus far:<BR /><BR />| eval Then_Set=if(ABC&gt;2500,strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y")<BR /><BR />This is what I have so far:</P><LI-CODE lang="markup">| makeresults | eval ABC="2800", DEF="3", GHI="5" | eval rel_Time="11102021" | eval Epoch_Time=strpTime(rel_Time,"%m%d%Y") | eval Human_readable=strfTime(Epoch_Time, "%B %d, %Y") | eval Service=if(ABC&gt;2500, "Send Alert", "No Alert") | eval Add_1Day=strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y") | eval Then_Set=if(ABC&gt;2500,strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y") | table Service Epoch_Time Human_readable Add_1Day Then_Set</LI-CODE><P><BR /><BR /></P> Thu, 11 Nov 2021 06:08:52 GMT https://community.splunk.com/t5/Splunk-Search/Logic-for-looped-if-greater-than-statement/m-p/574521#M200215 MeMilo09 2021-11-11T06:08:52Z https://community.splunk.com/t5/Splunk-Search/Logic-for-looped-if-greater-than-statement/m-p/574525#M200217 <P>Maybe you can clarify what is expected from this "nested loop" and how is results from the logic you created so far different from the expectation?</P><P>By the way, the last if() statement in your illustration is incomplete in syntax. &nbsp;It should be something like</P><P>| eval Then_Set=if(ABC&gt;2500,strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y"), "none")</P><P>For example,</P><P>&nbsp;</P><LI-CODE lang="markup">| makeresults | eval ABC="2800", DEF="3", GHI="5" | eval rel_Time="11102021" | eval Epoch_Time=strpTime(rel_Time,"%m%d%Y") | eval Human_readable=strfTime(Epoch_Time, "%B %d, %Y") | eval Service=if(ABC&gt;2500, "Send Alert", "No Alert") | eval Add_1Day=strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y") | eval Then_Set=if(ABC&gt;2500,strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y"), "none") | table Service Epoch_Time Human_readable Add_1Day Then_Set</LI-CODE><P>&nbsp;</P><P>gets you</P><TABLE><TBODY><TR><TD>Service</TD><TD>Epoch_Time</TD><TD>Human_readable</TD><TD>Add_1day</TD><TD>Then_Set</TD></TR><TR><TD>Send Alert</TD><TD>1636531200.000000</TD><TD>November 10, 2021</TD><TD>November 11, 2021</TD><TD>November 11, 2021</TD></TR></TBODY></TABLE> Thu, 11 Nov 2021 06:43:31 GMT https://community.splunk.com/t5/Splunk-Search/Logic-for-looped-if-greater-than-statement/m-p/574525#M200217 yuanliu 2021-11-11T06:43:31Z https://community.splunk.com/t5/Splunk-Search/Logic-for-looped-if-greater-than-statement/m-p/574670#M200263 <P>Thanks, basically it was my syntax that was throwing me off... since I had:<BR /><BR /><SPAN>| eval Then_Set=if(ABC&gt;2500,strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y")</SPAN><BR /><BR />I was not sure of the syntax therefore I was not seeing expected results - and you demonstrated the correct syntax:<BR /><BR /></P><PRE>| eval Then_Set=if(ABC&gt;2500,strftime(strptime(Human_readable,"%B %d, %Y") +86400, "%B %d, %Y"), "none")</PRE> Thu, 11 Nov 2021 23:02:57 GMT https://community.splunk.com/t5/Splunk-Search/Logic-for-looped-if-greater-than-statement/m-p/574670#M200263 MeMilo09 2021-11-11T23:02:57Z