I've been struggling with how to use 'if' via eval to determine whether or not to run a search.
We only want to run a search if the passed in ticket number is in a valid format - e.g., IM123456, IM234567, etc.
Here is my failing code:
| dbquery Netcool "select node, ticketnumber, summary from reporter_status where ticketnumber='$ticket_token$'" | eval ticketed = if(match($ticket_token$,"^IM.*"),1,0) | where ticketed > 0
I know the search works alone. It's the 'if' statement screwing things up.
Wildcards are different in the match function. Try match($ticket_token$, "IM%").