I am trying to calculate a field from a data that I receive from a vulnerability system.
severity field returns "unknown" which screws my dashboards.
I want to eval a field `'category' and if it equals INFO, set field 'severity' to Informational
search ... | eval severity=if(category,"INFO","Informational")
Ok I got here....
| eval severity=if(category=="INFO","informational", " ")
What should my last argument be if I want the severity to stay unmodified if it does not equal INFO ?
Try to assign it back to itself then if u want it to stay unmodified:
| eval severity=if(category=="INFO","informational", severity)