Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

[help]eval expression for dynamic field is invalid

cheriemilk
Explorer
‎01-14-2020 12:33 AM

Hi Team,

I have below appendpipe clause
| appendpipe
[| eventstats first(eval("step3".mvindex(listbehavior,2))) as start, **first(eval(if(isnull(mvindex(listbehavior,3))), "step4".mvindex(list_behavior,3), "exit"))** as end by UserID]

But I got the an error when searching
Error in 'eventstats' command: The eval expression for dynamic field 'eval(if(isnull(mvindex(listbehavior,3))), "step4".mvindex(listbehavior,3), "exit")' is invalid. Error='The operator at ', "Cherie", "exit"' is invalid.'.

I want to judge first that if the index list_behavior[3] exist or not. If exist, keep the original value, if not, fill in with "exist"

What the correct syntax format should be here ?

Best Regards,
Cherie

Tags (1)
0 Karma
Reply
Highlighted

Re: [help]eval expression for dynamic field is invalid

to4kawa
Ultra Champion
‎01-14-2020 01:14 AM 
....
| appendpipe
[| eventstats first(eval("step3".mvindex(list_behavior,2))) as start, first(eval(if(mvcount(list_behavior)=3, "step4".mvindex(list_behavior,3), "exit"))) as end by UserID]

Hi, @cheriemilk
how about this?

0 Karma
Reply