https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134498#M36763 <P>Resulting into something like this</P> <P>... | eval totalVolumeGB=if(totalVolumeGB=="0" &amp;&amp; index=summary_*,maxTotalDataSizeMB*23/1024,totalVolumeGB)</P> <P>... | eval totalVolumeGB=if(totalVolumeGB=="0" &amp;&amp; index!=summary_*,maxTotalDataSizeMB*10/1024,totalVolumeGB)</P> Mon, 28 Sep 2020 16:24:33 GMT bleung93 2020-09-28T16:24:33Z https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134497#M36762 <PRE><CODE>... | eval totalVolumeGB=if(totalVolumeGB=="0",maxTotalDataSizeMB*23/1024,totalVolumeGB) </CODE></PRE> <P>How would I add in another argument inside the if function?</P> <P>I want to apply the above search query in 2 different situations. By including <CODE>"index=summary_*"</CODE> and <CODE>"index!=summary_*"</CODE> essentially have 2 evals.</P> <P>I have already tried inserting the following</P> <PRE><CODE>if(totalVolumeGB=="0" &amp;&amp; index=summary_*,maxTotalDataSizeMB*23/1024,totalVolumeGB) </CODE></PRE> <P>but did not eval correctly. What are some options I can do?</P> Wed, 16 Apr 2014 22:04:06 GMT https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134497#M36762 bleung93 2014-04-16T22:04:06Z https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134498#M36763 <P>Resulting into something like this</P> <P>... | eval totalVolumeGB=if(totalVolumeGB=="0" &amp;&amp; index=summary_*,maxTotalDataSizeMB*23/1024,totalVolumeGB)</P> <P>... | eval totalVolumeGB=if(totalVolumeGB=="0" &amp;&amp; index!=summary_*,maxTotalDataSizeMB*10/1024,totalVolumeGB)</P> Mon, 28 Sep 2020 16:24:33 GMT https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134498#M36763 bleung93 2020-09-28T16:24:33Z https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134499#M36764 <P>I tried following the template in <A href="http://answers.splunk.com/answers/101356/and-in-if-statement" target="_blank">http://answers.splunk.com/answers/101356/and-in-if-statement</A></P> <P>| eval totalVolumeGB=if((totalVolumeGB=="0")AND(index!=summary_<EM>),maxTotalDataSizeMB*10/1024,totalVolumeGB)<BR /> | eval totalVolumeGB=if((totalVolumeGB=="0")AND(index==summary_</EM>),maxTotalDataSizeMB*23/1024,totalVolumeGB)</P> <P>Got an error banner stating as below... <BR /> "Error in 'eval' command: The expression is malformed. An unexpected character is reached at '),maxTotalDataSizeMB*10/1024,totalVolumeGB)'."</P> Mon, 28 Sep 2020 16:24:35 GMT https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134499#M36764 bleung93 2020-09-28T16:24:35Z https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134500#M36765 <P>You cannot use the asterisk character like that, <CODE>eval</CODE> interprets it as multiplication and complains about not finding the second factor. Try this:</P> <PRE><CODE>... | eval totalVolumeGB = if(totalVolumeGB=="0" AND NOT match(index, "^summary_"), maxTotalDataSizeMB*23/1024, totalVolumeGB) </CODE></PRE> Wed, 16 Apr 2014 22:53:58 GMT https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134500#M36765 martin_mueller 2014-04-16T22:53:58Z https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134501#M36766 <P>This fixed it up. Thanks for the much needed help Martin.</P> Wed, 16 Apr 2014 23:00:28 GMT https://community.splunk.com/t5/Splunk-Search/Eval-if-function-with-2-arguments/m-p/134501#M36766 bleung93 2014-04-16T23:00:28Z