I have search output wherein in field DB_NotBackedup has 3 values:
1- null value
2- value greater than 3
3- value less than 3

I need out of Backup_Status output missed if 'DB_NotBackedup' has null, Failed if 'DB_NotBackedup' has >3, and success if 'DB_NotBackedup' and < 3

Can anyone help me here?

index=* sourcetype=conf host=*
| join type=outer max=0 host [search index=tsm sourcetype="tsm-client-log" host=* "Total Domino databases inspected"
| rex field=_raw "^(?:[^:\n]*:){3}\s+(?P.+)"]
| convert num(Total_Databases)
| table _time host Total_Databases
| join type=outer max=0 host [search index=tsm sourcetype="tsm-client-log" host=* "Total Domino databases backed up"
| rex field=_raw "^(?:[^:\n]*:){3}\s+(?P.+)"]
| convert num(DB_Backedup)
| dedup host
| table _time host Total_Databases DB_Backedup
| eval DB_NotBackedup = (Total_Databases - DB_Backedup)
| eval BackupDate=strftime(_time, "%Y/%m/%d")
| table BackupDate host Total_Databases DB_Backedup DB_NotBackedup
| eval Backup_Status=case(DB_NotBackedup=null, missed, DB_NotBackedup>3, failed, 1=1, Success)
| table Backup_Status host Total_Databases DB_Backedup DB_NotBackedup