Solved: Re: Replace severity values by respective levels

sidtalup27 · ‎11-01-2022

Hello,
In the events, the severity is captured as values between 1 to 10. I want to represent them as High, Low, Medium etc.

For example,
if the severity is between 1 and 3 as Low
if the severity is between 4 and 5 as Medium, and so on

Please advise on how to achieve this.

Thanks in advance.

richgalloway · ‎11-01-2022

Use an eval with the case function to map severity numbers to names.

| eval severity = case(severity>=1 AND severity<=3,"Low",
                       severity>=4 AND severity<=5,"Medium",
                       severity>5,"High")

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎11-01-2022

Use an eval with the case function to map severity numbers to names.

| eval severity = case(severity>=1 AND severity<=3,"Low",
                       severity>=4 AND severity<=5,"Medium",
                       severity>5,"High")

---
If this reply helps you, Karma would be appreciated.

How to replace severity values by respective levels?

chart

eval

stats

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?