help with CASE needed

damucka · ‎08-02-2019

I have the following example:

|makeresults | eval trigger=0|eval decision=case(trigger=1;[|savedsearch test|eval t=1|return $t];0)

producing an error:
Error in 'eval' command: The expression is malformed. Expected )

The intention is clear, I want to execute the savedsearch test under the condition of trigger=1.
Could you please advice what it throws an error?

Kind Regards,
Kamil

damucka · ‎08-02-2019

sorry, it was an easy mistake. I am closing this question.

niketn · ‎08-03-2019

@damucka if you can please post the fixed query and accept the same as answer to assist others facing similar issue.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

damucka · ‎08-03-2019

Sure.
I changed it to if, also there should be == instead of =

|makeresults | eval trigger=0|eval decision=if(trigger==1,[|savedsearch test|eval t=1|return $t],0)

Join the Conversation