Hi Everyone,
So I'll try and make this as clear as possible, but it's quite hard to explain it in depth.
What I'm trying to do is map a certain numeric field value called "ordernumber" to a lookup file (for example 10). This lookup file contains a start range and stop range (for example 1-100) to identify which orders belong to which suppliers. A supplier will fill in a unique order number every time it sends the order. Basically it's described in this topic before: https://community.splunk.com/t5/Splunk-Search/How-do-you-create-a-lookup-from-a-range-of-values/m-p/...
To make this work I used the following command:
| map search="| inputlookup supplier_range.csv | search To > $Ordernumber$ AND From < $Ordernumber$ |eval Ordernumber=\"$Ordernumber$\", details=\"$details$\", Matnumber=\"$matnumber$\" " maxsearches=1000000000000
However, now I have one issue, which is the following. Currently, not all possible ordernumber ranges are completely defined and suppliers sometimes make typos when filling in the forms. In this case, I want to keep the events containing the "wrong" number and just return an empty result for supplier name, which will be retrieved from the look-up file. I tried performing an if statement, but can't seem to get it to work. Then it does not return any results anymore.
"| eval name=if(To > $ $Ordernumber$ AND From < $Ordernumber$, "Name", EMPTY)"
I'm kinda stuck on this one. Is this even doable via a map command or should I be using any other form of command? And how?
In case I need to clarify anything please let me know.
Kind regards,
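
An added example, not part of the original post and not Splunk's own code: the range match described above written as a left join in Python, so every event is kept and the supplier name stays empty when no range matches or the order number is a typo. The `Name` column, the sample ranges and the function names are assumptions; the CSV-in, CSV-out shape is the one a Splunk external lookup script uses.

```python
import bisect
import csv
import io
import sys

# Constructed sample of supplier_range.csv; the column name "Name" is assumed.
SAMPLE_RANGES = """From,To,Name
0,100,Supplier A
100,200,Supplier B
500,600,Supplier C
"""

def load_ranges(text):
    """Parse the range CSV into (From, To, Name) tuples sorted by From."""
    rows = csv.DictReader(io.StringIO(text))
    return sorted((int(r["From"]), int(r["To"]), r["Name"]) for r in rows)

def supplier_for(ranges, ordernumber):
    """Return the supplier whose range contains ordernumber, else ''.

    Bounds are exclusive (From < n < To), as in the post's search.
    Non-numeric typos also yield '' instead of raising.
    """
    try:
        n = int(str(ordernumber).strip())
    except ValueError:
        return ""
    # Last range whose From is strictly below n (assumes non-overlapping ranges).
    i = bisect.bisect_left(ranges, (n,)) - 1
    if i >= 0 and ranges[i][0] < n < ranges[i][1]:
        return ranges[i][2]
    return ""

def annotate(events_csv, ranges):
    """Add a Name column to every input row; unmatched rows are kept."""
    reader = csv.DictReader(io.StringIO(events_csv))
    fields = list(reader.fieldnames)
    if "Name" not in fields:
        fields.append("Name")
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        row["Name"] = supplier_for(ranges, row.get("Ordernumber", ""))
        writer.writerow(row)
    return out.getvalue()

if __name__ == "__main__":
    sys.stdout.write(annotate(sys.stdin.read(), load_ranges(SAMPLE_RANGES)))
```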