scout29
Path Finder
09-18-2024
09:27 AM
I am trying to create a new field called "description" that contains values from two other existing fields.
If field "app" is equal to linux, then I want to combine existing fields "host" and "alert_type".
If field "app" is equal to windows, then I want to combine existing field values "host" and "severity".
If app equals anything else, I want the value to be false.
Below is the eval I have, but it's not working:
| eval description=if('app'=="linux", host. "-" .alert_type', 'app'==windows, host. "-" .severity, "false")
1 Solution
dural_yyz
Motivator
09-18-2024
09:31 AM
| eval description=if('app'=="linux", host. "-" .alert_type', 'app'==windows, host. "-" .severity, "false")
You didn't nest the second IF statement.
| eval description=if('app'=="linux", host. "-" .alert_type, if('app'=="windows", host. "-" .severity, "false"))
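An alternative to the nested if() above, added here as an example that is not part of the thread: case() tests the conditions in order and true() acts as the fallback branch. The three events are constructed with makeresults (the example-host names and the alert_type and severity values are made up), so the search runs without any indexed data.

```spl
| makeresults count=3
| streamstats count AS n
| eval app=case(n==1, "linux", n==2, "windows", n==3, "network")
| eval host="example-host-".n, alert_type="auth_failure", severity="high"
| eval description=case(app=="linux", host."-".alert_type,
                        app=="windows", host."-".severity,
                        true(), "false")
| table app host alert_type severity description
```

The linux row gets example-host-1-auth_failure, the windows row gets example-host-2-high, and the third row gets false. If host, alert_type or severity is missing on an event, the concatenation evaluates to null and description is left unset for that event.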
