Splunk Enterprise

How to set a Field Value to "True OR False" based on other Field value

beriwalnishant
Path Finder

Hi Team,

I have a situation where I need to base a field value in the normal search query on 'true' or 'false' based on another field

example :

index=xxx host=xxx sourcetype=xxx productcode="RE" countryid="74321" 

what I need is that if the field 'countryid' is equal to '74321' the other field 'foundincache' set to only 'false' if not it should be set to 'true'


I tried something like this but it doesnt take the value from 'inscache'.  I mean inscache is not working as a variable 

index=xxx host=xxx sourcetype=xxx productcode="RE" countryid="74321" 
| eval countryid="70207"
| eval inscache=if(countryid=="70207","false","true")
| search foundincache=inscache
| stats count by foundincache

Is there a way to do it I tried google search etc but cant find this anywhere

Many thanks in adavance 
Nishant


 

Labels (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust

Search doesn't work with variables on the right hand side of evaluations, use the where command instead

| where foundincache==inscache

View solution in original post

ITWhisperer
SplunkTrust
SplunkTrust

Search doesn't work with variables on the right hand side of evaluations, use the where command instead

| where foundincache==inscache

beriwalnishant
Path Finder

OMG, this is truly amazing, incredible, superb.

I had no idea it be that simple.

 

thanks thanks thanks and thanks a lot @ITWhisperer 

 

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...