As @ITWhisperer and @bowesmana said, SPL is not a procedural language and does not provide code block. I do understand the semantic clarity, and maintainability of a code block. So, I am going to use the specifics in your sample to give a very silly "block".
Obviously I have no idea what values are in field, group and groups. So I made something up, with the constraint that group be numeric.
| field | group | groups |
| 0 | 10 | 10 |
| 1 | 20 | 30 |
| 2 | 30 | 60 |
The following will read like a block:
| eval bingo = if(field == 1, mvrange(group, group+1), null())
| foreach bingo mode=multivalue
[eval group = <<ITEM>> + 1, groups = groups . "," . <<ITEM>>]
and the output is equivalent to your block code
| field | group | groups |
| 0 | 10 | 10 |
| 1 | 21 | 30,20 |
| 2 | 30 | 60 |
Is that code block? Not really. Does it achieve semantic clarity? Questionable. But you are not repeating condition evaluation.
Also, if maintainability is super important, you can also do something like
| tojson group groups
| eval _raw = if(field == 1, json_set(_raw, "group", group + 1, "groups", groups . "," . group), _raw)
| fields - group groups
| spath
In a roundabout way, this has the true spirit of a code block.
The above mock data is produced with the following:
| makeresults format=csv data="field, group
0, 10
1, 20
2, 30"
| streamstats sum(group) as groups
``` data emulation above ```
