Solved: How do i compare the field values in my search?

guna1390 · ‎01-05-2017

I have a field here like total_time which has 100+ values (0.125,2.25,etc).

I want the result like the field total_time values which are greater than 10.

my search is search_command | eval responsetime=if(total_time>20, "Yes", "No")

BUT the above search is taken as a count and showing the results.

somesoni2 · ‎01-05-2017

Are you trying to filter to keep only the events/records for which the total_time value is greater than 10?? If yes, the try like this

search_command | where total_time>10

If not then probably more details here would help, like expected output.

somesoni2 · ‎01-05-2017

Are you trying to filter to keep only the events/records for which the total_time value is greater than 10?? If yes, the try like this

search_command | where total_time>10

If not then probably more details here would help, like expected output.

guna1390 · ‎01-05-2017

Thanks.

It works for me.

How do i compare the field values in my search?