hi All,
can someone help on the splunk search eval condition based on below scenario using fields
Actualstarttime and job_start_by
if job_start_by<= Actualstarttime
return "GREEN / STARTED ON TIME"
else:
return "AMBER / STARTED LATE"
else:
if now <= Actualstarttime
return "EARLY / NO DATA"
else:
return "RED / START SLA BREACH"
if now > Actualstarttime
return "RED / END SLA BREACH"
else:
return "BLUE / RUNNING"
