Solved: How to use eval and asterisk?

kiran331 · ‎03-28-2017

Hi

How to use asterisk in the eval case search? I have to assign a value to the IP ranges.

for Ip range 1.2.* - Low
for Ip range 3.4.* - Medium
for IP range 5.* - High

I tried below search, its not working
search | eval case(src_ip=1.2.* , "Low", src_ip=3.4.* ,"Medium", src_ip=5.*. "High")

woodcock · ‎03-28-2017

Like this:

search | eval case(like(src_ip, "1.2.%"), "Low", like(src_ip, "3.4.%") ,"Medium", like(src_ip, "5._%.%"), "High")

woodcock · ‎03-28-2017

Like this:

search | eval case(like(src_ip, "1.2.%"), "Low", like(src_ip, "3.4.%") ,"Medium", like(src_ip, "5._%.%"), "High")

kiran331 · ‎03-28-2017

Thank you!

How to use eval and asterisk?