Splunk Search

How to evaluate to Field Value SPL?

mohsplunking
Path Finder

Hello Splunkers,

I need some help with writing a SPL, I have a field  called "DcPolicyAction" where the value could be 0 or 1, if its 0 I want to basically call it Successful and If its 1 it is Failure , can someone help me with the SPL syntax.  I dont want to use the stats command. Just a simple query that lists the field.

 

Thank you,

 

regards,

Moh.

Labels (1)
Tags (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust
| eval DcActionValue=if(DcActionValue=0,"Successful","Failure")

View solution in original post

0 Karma

mohsplunking
Path Finder

Thanks ITWHisperer , Much Appreciated !

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
| eval DcActionValue=if(DcActionValue=0,"Successful","Failure")
0 Karma
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...