Solved: Re: Check to see if value is in a field if not get...

MeMilo09 · ‎05-18-2021

Hello,

How can I check to see if value is in one field first, if not check the next field?

I have so far the below, it works, but I would like to use an if statement to check if team_name is in Blue first and if not then get the team_name from Red.

| eval Team_Color=case(team=“Blue”, team_name OR team=“Red”, team_name)

any advice on how to use if statement instead of case?

dave_null · ‎05-18-2021

Yeah just nest them:

| eval Team_Color=if(<check 1>, <value if check1 true> , if( <check 2> , <value if check2 true>, <value if both false>))

E.g.

| eval Team_Color = if(team="Blue", team_name, if(team="Red",team_name, ""))

View solution in original post

dave_null · ‎05-18-2021

Yeah just nest them:

| eval Team_Color=if(<check 1>, <value if check1 true> , if( <check 2> , <value if check2 true>, <value if both false>))

E.g.

| eval Team_Color = if(team="Blue", team_name, if(team="Red",team_name, ""))

Check to see if value is in a field if not get from next field

eval

stats

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Are you a member of the Splunk Community?