Splunk Search

AND in If statement

rlautman
Path Finder

I have a set of logs showing order journeys between countries - I want to create a report that show the destination country of the order or, if the order is staying within the country of origin, will show this order as a local supply order. To assess whether the order is local supply I need to evaluate 2 fields, I have written if statements with an OR condition but I am not sure how to use an AND condition within the if statement - can anyone suggest how I would do this?

Tags (4)
0 Karma
1 Solution

rlautman
Path Finder

Ah I have spotted my own mistake, a simple matter of missing quotation marks around LocalSupply and External - I've managed to make the country display as LocalSupply, I'm now running 🙂

View solution in original post

0 Karma

Ayn
Legend

Are LocalSupply and External supposed to be field names or strings? Because right now you're referring to field names, so if those fields don't exist, you will get empty results.

rlautman
Path Finder

Ah I have spotted my own mistake, a simple matter of missing quotation marks around LocalSupply and External - I've managed to make the country display as LocalSupply, I'm now running 🙂

0 Karma

rlautman
Path Finder

This is the statement I've tried using, but the issue may not be with the AND:

eval OrderType=if((OriginCountry="IRL") AND (DestinationCountry="IRL"),LocalSupply,External) | stats count by OrderType

This query is currently showing no results.

Ideally I would like to have a report where I can show all orders and their origin countries within a specific time frame, and if they are 'Local Supply' the origincountry will be renamed Local Supply and all other orders will be displayed with their origincountry, but I'll walk before I run!

0 Karma

Ayn
Legend

Could you show examples? Without any other info I'd just say "just use AND instead of OR", but I'm guessing there's more to your question than that.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Data Management Digest – June 2026

Welcome to the June 2026 edition of Data Management Digest! This month’s update is short and sweet, with a ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...