I have a event that returns me this
what i want is to have a new field that will solve the equation
like
number |newfield | result
1 | 1+ 1 | 2
@jadengoho, a command like the following will do the trick
<YourBaseSearchwithSingleEvent>
| eval result=[| makeresults
| eval result=$newfield$
| return $result]
Following is a run anywhere example based on your sample data. PS: Since it uses map command it will have limit and performance issues based on number of sub searches:
| makeresults
| eval data="1,1+1;2,2+1;3,2+3*5;4,(2+(6*1))/2"
| makemv data delim=";"
| mvexpand data
| eval data=split(data,",")
| eval number=mvindex(data,0),newfield=mvindex(data,1)
| table number newfield
| map search="| makeresults
| eval result=[| makeresults
| eval result=$newfield$
| return $result]
| eval number=$number$,newfield=$newfield$"
| table number newfield result
Based on answer https://answers.splunk.com/answers/222544/eval-a-string-as-an-expression.html
@jadengoho, a command like the following will do the trick
<YourBaseSearchwithSingleEvent>
| eval result=[| makeresults
| eval result=$newfield$
| return $result]
Following is a run anywhere example based on your sample data. PS: Since it uses map command it will have limit and performance issues based on number of sub searches:
| makeresults
| eval data="1,1+1;2,2+1;3,2+3*5;4,(2+(6*1))/2"
| makemv data delim=";"
| mvexpand data
| eval data=split(data,",")
| eval number=mvindex(data,0),newfield=mvindex(data,1)
| table number newfield
| map search="| makeresults
| eval result=[| makeresults
| eval result=$newfield$
| return $result]
| eval number=$number$,newfield=$newfield$"
| table number newfield result
Based on answer https://answers.splunk.com/answers/222544/eval-a-string-as-an-expression.html
