Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create a table based if condition result?

Premkumarpalani
New Member
‎03-04-2015 10:29 PM

i wanna know how to display the result after specifying an if condition.
the sample search is like :

index=xyz | order="0000" | eval Order_status=if(order!=0,"found","not found") | .....

after this condition, if order=found, I need to display a table with few fields....please help me to solve this.

Tags (3)
0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎03-04-2015 10:50 PM

Hi Premkumarpalanichamy,

something like this works perfect for me:

index=_internal  | head 1 | eval order="0000" | eval Order_status=if(order!="0","found","not found") | table Order_status order | where Order_status="found"

adapt it to your needs.

cheers, MuS

Reply
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!