Solved: Re: Help with EVAL statement

efelder0 · ‎01-26-2012

I am extracting a field called "Severity" out of an XML data feed. and the values that are returned are severity 1, severity 2, severity 3, severity 4. I would like to re-assign the values to now say Low (instead of severity 1), Medium (instead of severity 2), High (instead of severity 3), Critical (instead of severity 4).

I am certain than an EVAL statement would work here, but not sure what the syntax is.

Any suggestions?

bojanz · ‎01-26-2012

This will work:

<your search> | eval Severity_string = case(Severity == 1, "Low", Severity == 2, "Medium", Severity == 3, "High", Severity == 4, "Critical")

Then just use Severity_string in table or whatever you use to display the results.

View solution in original post

bojanz · ‎01-26-2012

This will work:

<your search> | eval Severity_string = case(Severity == 1, "Low", Severity == 2, "Medium", Severity == 3, "High", Severity == 4, "Critical")

Then just use Severity_string in table or whatever you use to display the results.

Help with EVAL statement

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation

Help with EVAL statement

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+