hi All,

can someone help on the splunk search eval condition based on below scenario using fields 

Actualstarttime and job_start_by

if job_start_by<= Actualstarttime

return "GREEN / STARTED ON TIME"
else:
return "AMBER / STARTED LATE"

else:
if now <= Actualstarttime
return "EARLY / NO DATA"
else:
return "RED / START SLA BREACH"

if now > Actualstarttime
return "RED / END SLA BREACH"
else:
return "BLUE / RUNNING"