Solved: If statement with AND

mansel_scheffel · ‎08-17-2016

Hi,

Is it possible to use AND in an eval if statement.. for instance if(volume =10, "normal" if(volume >35 AND <40, "loud")) and so on.. I would like to add a few more if's into that as well..Any thoughts on how to structure it?

javiergn · ‎08-17-2016

Yes you could do that with if, but the moment you start nesting multiple ifs it's going to become hard to read.
Why don't you use case instead?

eval whatever = case (
    volume = 10, "normal",
    volume > 35 AND volume < 40, "loud",
    1 = 1, "default rule"
)

View solution in original post

javiergn · ‎08-17-2016

Yes you could do that with if, but the moment you start nesting multiple ifs it's going to become hard to read.
Why don't you use case instead?

eval whatever = case (
    volume = 10, "normal",
    volume > 35 AND volume < 40, "loud",
    1 = 1, "default rule"
)

hardikJsheth · ‎08-17-2016

You can use case statement instead the syntax is
case (condition , TRUE, FALSE)

You can have nested case statements as well for eg.
|index=main | eval system=case(isnotnull(dest) AND dest!="unknown",dest,isnotnull(src) AND src!="unknown",src,isnotnull(dvc) AND dvc!="unknown",dvc,1=1,"unknown")

If statement with AND

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

If statement with AND

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk