conditional statements based on values with eval

shivareddysompa · ‎07-09-2020

i have date like below.

User Points gain

a 1004

b 900

c 850

d 700

e 600

i want to create new column based on Points gain like

if User got > 1000 then Expert, 850 to 1000 then Master, 700 to 850 average , <700 Slow

Thanks

richgalloway · ‎07-09-2020

You can do that with eval and case.

... | eval rank=case('Points gain'>1000, "Expert", 'Points gain'>=850, "Master", 'Points gain'>=700, "average", 1==1, "Slow")

---
If this reply helps you, Karma would be appreciated.

shivareddysompa · ‎07-09-2020

i tried same but not worked out here

richgalloway · ‎07-10-2020

It works here. What version of Splunk are you using?

| makeresults 
| eval _raw="User                        Points gain
a                                 1004
b                                  900
c                                  850
d                                  700
e                                  600" | multikv forceheader=1 | rename gain as "Points gain"
`comment("Above creates test data")`
| eval rank=case('Points gain'>1000, "Expert", 'Points gain'>=850, "Master", 'Points gain'>=700, "average", 1==1, "Slow")

---
If this reply helps you, Karma would be appreciated.

conditional statements based on values with eval

using Splunk Enterprise

What You Read The Most: Splunk Lantern’s Most Popular Articles!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?

Are you a member of the Splunk Community?

conditional statements based on values with eval

using Splunk Enterprise

What You Read The Most: Splunk Lantern’s Most Popular Articles!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?