How to create Conditional statements with foreach?

allanrm · ‎02-21-2023

Hi there - trying to get foreach statement to apply conditional statement. Essentialy in the eval statement tried a variety of if with options like IN statements (or alternatively but less preferably a long OR to replace the IN statement )- but frankly not having any luck.

 foreach Perc_In* [ eval Out_Of_Norm_For<<MATCHSTR>>=if(IN(<<MATCHSTR>>,"_Range_4","_RANGE_4_to_6"),"Consider","Ignore") ]

If the <<matchstr>> falls in the set of values "_Range_4" or "_RANGE_4to_6", then the new field Out_Of_Norm_For<<MATCHSTR>> should take a value of consider - else it takes a value of Ignore

bowesmana · ‎02-21-2023

Quote the <<MATCHSTR>>

| makeresults
| eval Perc_In_Range_4=100
| eval Perc_In_Range_4_to_6=11
| eval Perc_In_RANGE_4_to_6=22
| foreach Perc_In* [ eval Out_Of_Norm_For<<MATCHSTR>>=if(IN("<<MATCHSTR>>","_Range_4","_RANGE_4_to_6"),"Consider","Ignore") ]

Note that the IN in eval will be case sensitive, i.e. Perc_In_Range_4_to_6 will be "Ignore"

How to create Conditional statements with foreach?

data

Splunk Classroom Chronicles: Training Tales and Testimonials

Access Tokens Page - New & Improved

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!