Other Usage
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Spl

revanthammineni
Path Finder
‎02-23-2023 07:40 PM

Hi Splunkers,

I'm working on two conditions where I need to use condition eval statement. Some filters that I need to add for every condition before I do eval. Please help me in achieving this.


Condition 1:
Filters to be applied before:
id is not "N/A"  AND risk="Critical" AND risk_factor="critical"
After satisfying above conditions, I have to create a field called score.
eval score=IF(insurance="Y",  instate="Y", age_requirements="y",  30, 60)

Condition 2:
Filters to be applied before:
id is not "N/A"  AND risk="Critical" AND risk_factor="high"
After satisfying above conditions. Add to the newly existing field "score"
eval score=IF(insurance="Y",  instate="Y", age_requirements="y",  60, 90)


TIA.

Labels (2)
Tags (3)
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-23-2023 08:01 PM

Hi @revanthammineni,

Your conditions are very similar but else values are overwriting. You can use below to give an idea.

| eval score=if(searchmatch(insurance="Y" instate="Y" age_requirements="y" id!="N/A" risk="Critical" risk_factor="critical" ), 30, 60)
| eval score=if(searchmatch(insurance="Y" instate="Y" age_requirements="y" id!="N/A" risk="Critical" risk_factor="high" ), 60, 90)
If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...