Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Search using IF statement

tech_soul
New Member
‎10-01-2019 12:48 AM

Hi All,

Could you please help me with " if "query to search a condition is true then need to display some values from json format .
please i m brand new to splunk ..

Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-01-2019 01:00 AM

Hi tech_soul,
without othe information is difficoult to help you! could you share more information?

Anyway, you can use the if condition in an eval command to set a variable to use for searches, for additioan information see https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/ConditionalFunctions .

E.g. if I want to set a value OK if a field has a value less than 100 and NOK if the value is more than 100, you could create a search like this:

index=my_index
| eval my_check=if(my_field>100,"NOK","OK")
| table _time my_check

Then you can use this value for additional conditions as search or where.

Bye.
Giuseppe

Reply

yshen
Communicator
‎10-12-2020 04:05 PM

Thanks for the concise example of if expression.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...