I have a dataset where each event will have a field that is the name of a particular group. this field has a standard naming convention which makes it easy to pick out, but its value is a numerical value that can be different for each event. I need to create an eval field that is the value of whatever particular field this is by matching on its naming convention, but eval doesn't seem to take wildcards very well.
or eval coolfactor=match(%oolfie%) <-- would be more the case based on the naming convention
I think this might work for you, provided there's only one "cool field" per event:
... your search ... | foreach *oolfie* [eval coolfactor='<<FIELD>>']
This won't work if there's more than one such field per event because the foreach clause will keep overwriting the coolfactor field with all of the fields until the last one. But if you only have one per event, this should do the trick.
Alternatively, if you know the names of the fields ahead of time, you can use coalesce instead:
... your search ... | eval coolfactor=coalesce(coolfielda,coolfieldb,coolfieldc)
But you can't use coalesce with a wildcard. Thus the foreach construction above.
The resource_list value is what is requested, the resources_available number is what is available and the stuff in between are sets of queues. What I'm attempting to do is determine what percentage of the request event A is being used of whats available in event B.