Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: compare cell value in a raw
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
compare cell value in a raw
sarit_s
Communicator
05-13-2020
02:07 AM
Hello
i have a raw with 5 columns from the same type and i want to compare the value of the cells of this 5 columns. how can i do it ?
thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
05-13-2020
02:20 AM
use foreach and match()
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sarit_s
Communicator
05-13-2020
02:52 AM
can you please explain how it will work ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
05-13-2020
02:57 AM
see command reference
| makeresults
| fillnull A B C D
| eval E=1
| foreach A B C D E
[ eval flag_<<FIELD>>=if(match('<<FIELD>>',"0"),"yes", "no")]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sarit_s
Communicator
05-13-2020
03:31 AM
this is my query:
index="prod" eventtype="csm-messages-dhcpd-lpf-eth0-sending" OR eventtype="csm-messages-dhcpd-lpf-eth0-listening" OR eventtype="csm-messages-dhcpd-send-socket-fallback-net" OR eventtype="csm-messages-dhcpd-write-zero-leases" OR eventtype="csm-messages-dhcpd-eth1-nosubnet-declared"
| bin span=1s _time
| chart count OVER _time BY eventtype
| foreach eventtype [ eval flag=if(match('<<eventtype>>',"0"),"yes", "no")]
im getting flag "no" for every raw even if there are mismatches ..
what am i missing ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
05-13-2020
04:16 AM
sorry, I've a mistake. I fix it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sarit_s
Communicator
05-13-2020
05:23 AM
index="prod" eventtype="csm-messages-dhcpd-lpf-eth0-sending" OR eventtype="csm-messages-dhcpd-lpf-eth0-listening" OR eventtype="csm-messages-dhcpd-send-socket-fallback-net" OR eventtype="csm-messages-dhcpd-write-zero-leases" OR eventtype="csm-messages-dhcpd-eth1-nosubnet-declared"
| timechart span=1s count BY eventtype
| foreach eventtype
[ eval flag_eventtype=if(match('eventtype',"0"),"yes", "no")]
still same results..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sarit_s
Communicator
05-13-2020
03:15 AM
what is the 0 stand for ?
Get Updates on the Splunk Community!
Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...
We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...
IM Landing Page Filter - Now Available
We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...
Dynamic Links from Alerts to IM Navigators - New in Observability Cloud
Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...
