Solved: Re: Replace severity values by respective levels

sidtalup27 · ‎11-01-2022

Hello,
In the events, the severity is captured as values between 1 to 10. I want to represent them as High, Low, Medium etc.

For example,
if the severity is between 1 and 3 as Low
if the severity is between 4 and 5 as Medium, and so on

Please advise on how to achieve this.

Thanks in advance.

richgalloway · ‎11-01-2022

Use an eval with the case function to map severity numbers to names.

| eval severity = case(severity>=1 AND severity<=3,"Low",
                       severity>=4 AND severity<=5,"Medium",
                       severity>5,"High")

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎11-01-2022

Use an eval with the case function to map severity numbers to names.

| eval severity = case(severity>=1 AND severity<=3,"Low",
                       severity>=4 AND severity<=5,"Medium",
                       severity>5,"High")

---
If this reply helps you, Karma would be appreciated.

How to replace severity values by respective levels?

chart

eval

stats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation