Solved: Calculated fields in an eval statement

bcarlson · ‎07-10-2013

Good Morning! I am trying to build calculated fields that will create a wireless roamer cost report. The report is based on a search of CDR's (Call Detail Records) The search provides me with User,Carrier_Name, and Total_Megabytes_Used.

I am trying to use calculated fields to add in the roamer cost.

eval Roamer_Cost = case(Carrier_Name=Bob Wireless,Total_Megabytes *.055,Carrier_Name=Jill Wireless,Total_Megabytes * .10,Carrier-Name=Home Wireless,Total Megabytes *.0)

The report could then be charted to provide me with a report by user showing cost of roaming on each Carrier_Name.

Any ideas how I can make this work? Or suggestions of other ways to skin this cat?

thanks
bob

asimagu · ‎07-10-2013

you need to use the case statement with the right syntax

eval Roamer_Cost=case(Carrier_Name=="Bob Wireles", Total_Megabytes_Used*0.055, ...and so on...)

then you need to pipe your search to this

chart sum(Roamer_Cost) over Carrier_Name by User

View solution in original post

asimagu · ‎07-10-2013

you need to use the case statement with the right syntax

eval Roamer_Cost=case(Carrier_Name=="Bob Wireles", Total_Megabytes_Used*0.055, ...and so on...)

then you need to pipe your search to this

chart sum(Roamer_Cost) over Carrier_Name by User

bcarlson · ‎07-11-2013

asimagu, Thank You for the assistance! Bob

Calculated fields in an eval statement

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation