If statement

vaibhavbeohar · ‎03-28-2013

Hi
I am running search to get rating status in my report, not getting any result and getting error
" Error in 'eval' command: The expression is malformed. Expected ) " here is my search,

Thanks

"sourcetype="TicketAnalysis" | eval XYZ = if (Rating1 >="6", "Satisfied", if (Rating1 <="6" AND Rating1 >= "4" "Neutral", if (Rating1 < "4" AND Rating1 >= 1, "Dissatisfied","Unrated"))) "

jbanerje · ‎08-06-2015

eval Comment=if((Fund_Credit_Amt=Ack_Credit_Amt) AND (Fund_Debit_Amt=Ack_Debit_Amt) ,"MATCH","MISMATCH")

jhupka · ‎03-29-2013

Is there any particular reason you wouldn't use case instead?

smolcj · ‎03-28-2013

sourcetype="TicketAnalysis" | eval XYZ = if (Rating1 >="6", "Satisfied", if (Rating1 <="6" AND Rating1 >= "4" **,** "Neutral", if (Rating1 < "4" AND Rating1 >= 1, "Dissatisfied","Unrated")))

i think you missed a comma in second if statement . if (Rating1 <="6" AND Rating1 >= "4" , "Neutral"

smolcj · ‎03-29-2013

🙂 you have an option to remove other from pie graph in a dashboard . append this
0
thisanswer may help you;;

vaibhavbeohar · ‎03-29-2013

Thanks, this works now ,but if i select pie graph i am getting extra field other (1), do you have any idea why its coming only on pie graph ?

If statement

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

If statement

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine