Solved: Re: Replace severity values by respective levels

sidtalup27 · ‎11-01-2022

Hello,
In the events, the severity is captured as values between 1 to 10. I want to represent them as High, Low, Medium etc.

For example,
if the severity is between 1 and 3 as Low
if the severity is between 4 and 5 as Medium, and so on

Please advise on how to achieve this.

Thanks in advance.

richgalloway · ‎11-01-2022

Use an eval with the case function to map severity numbers to names.

| eval severity = case(severity>=1 AND severity<=3,"Low",
                       severity>=4 AND severity<=5,"Medium",
                       severity>5,"High")

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎11-01-2022

Use an eval with the case function to map severity numbers to names.

| eval severity = case(severity>=1 AND severity<=3,"Low",
                       severity>=4 AND severity<=5,"Medium",
                       severity>5,"High")

---
If this reply helps you, Karma would be appreciated.

How to replace severity values by respective levels?

chart

eval

stats

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Join the Conversation