Splunk Search

If a field contains in an eval statement

jenkinsta
Path Finder

My data is like this illustration purposes only:

LocalIp aip
10.10.10.1192.168.1.1
10.10.10.2172.58.100.41

10.10.12.3
8.8.8.8
192.168.3.1

8.8.8.8

 

I am trying to search for any hits where LocalIP contains the aip address. In this example there is one hit

This is what I have but stuck at trying contains

| eval result=if(like(LocalIP, "%".aip."%"),"Match","")

 

 

Labels (1)
0 Karma
1 Solution

jenkinsta
Path Finder

This was the trick that worked 

eval result=if('LocalIP' == 'aip',"Match", "")

View solution in original post

0 Karma

jenkinsta
Path Finder

This was the trick that worked 

eval result=if('LocalIP' == 'aip',"Match", "")

0 Karma

richgalloway
SplunkTrust
SplunkTrust

How it that eval failing you?

Have you tried mvfind?

 

| eval result=if(mvfind(LocalIP, aip),"Match","")

 

---
If this reply helps you, Karma would be appreciated.
0 Karma

jenkinsta
Path Finder

eval is not matching correctly. the mvfind says it has an error. 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Please elaborate.

How is the eval not matching correctly?  What results do you get compared to what you expect?

What is the error reported by mvfind?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...