conditional statements based on values with eval

shivareddysompa · ‎07-09-2020

i have date like below.

User Points gain

a 1004

b 900

c 850

d 700

e 600

i want to create new column based on Points gain like

if User got > 1000 then Expert, 850 to 1000 then Master, 700 to 850 average , <700 Slow

Thanks

richgalloway · ‎07-09-2020

You can do that with eval and case.

... | eval rank=case('Points gain'>1000, "Expert", 'Points gain'>=850, "Master", 'Points gain'>=700, "average", 1==1, "Slow")

---
If this reply helps you, Karma would be appreciated.

shivareddysompa · ‎07-09-2020

i tried same but not worked out here

richgalloway · ‎07-10-2020

It works here. What version of Splunk are you using?

| makeresults 
| eval _raw="User                        Points gain
a                                 1004
b                                  900
c                                  850
d                                  700
e                                  600" | multikv forceheader=1 | rename gain as "Points gain"
`comment("Above creates test data")`
| eval rank=case('Points gain'>1000, "Expert", 'Points gain'>=850, "Master", 'Points gain'>=700, "average", 1==1, "Slow")

---
If this reply helps you, Karma would be appreciated.

conditional statements based on values with eval

using Splunk Enterprise

Splunk Answers Content Calendar, June Edition II

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

Are you a member of the Splunk Community?

conditional statements based on values with eval

using Splunk Enterprise

Splunk Answers Content Calendar, June Edition II

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!