topic How do I combine two searches in an eval command? in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-do-I-combine-two-searches-in-an-eval-command/m-p/613268#M213131 <P>Hello,</P> <P>How do I combine two searches in an eval command? In the example below, I'm trying to create a value for "followup_live_agent" and "caller_silence" values. Splunk is telling me this query is invalid.&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <LI-CODE lang="markup">index=conversation sourcetype=cui-orchestration-log botId=123456 | eval AgentRequests=if(match(intent, "followup_live_agent" OR "caller_silence"), 1, 0)</LI-CODE> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Any help is much appreciated!&nbsp;</P> Thu, 15 Sep 2022 16:58:12 GMT KyleMcDougall 2022-09-15T16:58:12Z How do I combine two searches in an eval command? https://community.splunk.com/t5/Splunk-Search/How-do-I-combine-two-searches-in-an-eval-command/m-p/613268#M213131 <P>Hello,</P> <P>How do I combine two searches in an eval command? In the example below, I'm trying to create a value for "followup_live_agent" and "caller_silence" values. Splunk is telling me this query is invalid.&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <LI-CODE lang="markup">index=conversation sourcetype=cui-orchestration-log botId=123456 | eval AgentRequests=if(match(intent, "followup_live_agent" OR "caller_silence"), 1, 0)</LI-CODE> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Any help is much appreciated!&nbsp;</P> Thu, 15 Sep 2022 16:58:12 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-combine-two-searches-in-an-eval-command/m-p/613268#M213131 KyleMcDougall 2022-09-15T16:58:12Z Re: Combing values in an eval match command https://community.splunk.com/t5/Splunk-Search/How-do-I-combine-two-searches-in-an-eval-command/m-p/613275#M213133 <P>The <FONT face="courier new,courier">match</FONT> function does not accept boolean expressions - only expects strings and fields containing strings.&nbsp; Try breaking it into 2 <FONT face="courier new,courier">match</FONT> calls.</P><P>&nbsp;</P><LI-CODE lang="markup">index=conversation sourcetype=cui-orchestration-log botId=123456 | eval AgentRequests=if(match(intent, "followup_live_agent") OR match(intent, "caller_silence"), 1, 0)</LI-CODE><P>&nbsp;</P> Thu, 15 Sep 2022 16:54:41 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-combine-two-searches-in-an-eval-command/m-p/613275#M213133 richgalloway 2022-09-15T16:54:41Z