This is the real answer. thanks this fixed the issue. you are a regex guru. thanks again

I see now, / characters where removed

OK I think I understand well not relay

So if I want to use case to get a variable named siteName and I have three possible sites identified by three possible IP’s I would normally use this

'| eval siteName = case (Destination_IP == "199.47.”, dropbox.com, Destination_IP == “85.17.30.", megadownload.net, Destination_IP == "195.122.131.*", rapidshare.com)'

But this isn’t working and the multiple matches are not working. Do you have any other suggestions for CASE

the second argument of match function is a regex and "^199.47..$" in you example is not equal with "^199.47..*$" as I had suggested

http://www.addedbytes.com/cheat-sheets/regular-expressions-cheat-sheet/

Opps the match doesn't seem to work in case
'| eval siteName = case(match(Destination_IP, "^199.47..$"), "dropbox.com",match(Destination_IP, "^85.17.30.$"), "megadownload.net",match(Destination_IP, "^195.122.131.*$"), "rapidshare.com")'

HURA you are brilliant thanks