Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create Conditional statements with foreach?

allanrm
Observer
‎02-21-2023 10:18 PM

Hi there -  trying to get foreach statement to apply conditional statement. Essentialy in the eval statement tried a variety of if with options like IN statements (or alternatively but less preferably a long OR to replace the IN statement )-  but frankly not having any luck.

 foreach Perc_In* [ eval Out_Of_Norm_For<<MATCHSTR>>=if(IN(<<MATCHSTR>>,"_Range_4","_RANGE_4_to_6"),"Consider","Ignore") ] 

If the <<matchstr>> falls in the set of values "_Range_4" or  "_RANGE_4to_6", then the new field  Out_Of_Norm_For<<MATCHSTR>> should take a value of consider - else it takes a value of Ignore

Labels (1)
Labels
Tags (2)
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎02-21-2023 10:36 PM

Quote the <<MATCHSTR>>

| makeresults
| eval Perc_In_Range_4=100
| eval Perc_In_Range_4_to_6=11
| eval Perc_In_RANGE_4_to_6=22
| foreach Perc_In* [ eval Out_Of_Norm_For<<MATCHSTR>>=if(IN("<<MATCHSTR>>","_Range_4","_RANGE_4_to_6"),"Consider","Ignore") ]

Note that the IN in eval will be case sensitive, i.e. Perc_In_Range_4_to_6 will be "Ignore"

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...