format output based on IF condition

Splunk Search

Query 1:

| pivot mongo ServerStatus max(currentConnections) SPLITCOL host 
| fieldsummary 
| fields field, max 
| rename field as host, max as max_host 
| stats sum(max_host) as Total 
| search Total>20000

This above is displaying the total number of connections as expected

i want to add a if condition like whenever i met this condition i want to display connections per host as per below query. i tried including the search inside but this is not helping in my case

eval flag=if(condition, [SEARCH QUERY], null())

Query 2:

| pivot mongo ServerStatus max(currentConnections) SPLITCOL host 

| fieldsummary | fields field , max

| rename field AS host, max AS max_host

| eval host=host." (".max_host.")" 

| fields host

| mvcombine delim=" , " host

| nomv host

Result:

host1 (1414)

host2 (1415)

host3 (1416)

host4 (3532)

Both Queries are working as expected but i'm looking if i can connect them on condition like execute query 2 only on condition of Total connections exceed.

Any help is appreciated , thank you

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...