Solved: Re: How to edit my eval statement to resolve "Erro...

marina_rovira · ‎06-20-2016

Hello all,

I'm trying to filter some event by their Summary. I just want to distinguish when they have the word Maintenance and catalogue the rest as "other".

My eval statement is this:

eval camp = if(match(Summary,"*Planned*"),"mainten","other") | top limit=50 Summary,camp

I'm trying with Planned because if I put "maintenance", I get this error:

Error in 'eval' command: Regex: nothing to repeat

but there can be planned and emergency maintenances and I want all of them as the same group.

Any idea why and how can I resolve this error?

Thank you in advance.

renjith_nair · ‎06-20-2016

You don't need * in your match. Match matches the string with wild cards.

Try using

 eval camp = if(match(Summary,"Planned"),"mainten","other") | top limit=50 Summary,camp

Happy Splunking!

renjith_nair · ‎06-20-2016

You don't need * in your match. Match matches the string with wild cards.

Try using

 eval camp = if(match(Summary,"Planned"),"mainten","other") | top limit=50 Summary,camp

Happy Splunking!

marina_rovira · ‎06-20-2016

Thank you! 🙂 It works now

How to edit my eval statement to resolve "Error in 'eval' command: Regex: nothing to repeat"?