Splunk Search
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

nested if loop

splunkymage
Observer
‎08-29-2021 09:50 PM

I would like to write in splunk a nested if loop: What I want to achieve:

if buyer_from_France: 

                   do eval percentage_fruits

                   if percentage_fruits> 10:

                                                         do summation

                                                         if summation>20:

                                                                                          total_price

                                                                                           if total_price>$50:

                                                                                                                      do(trigger bonus coupon)

My current code (that works):

> | eventstats sum(buyers_fruits) AS total_buyers_fruits by location

> | stats sum(fruits) as buyers_fruits by location buyers

> | eval percentage_fruits=fruits_bought/fruits_sold

> | table fruits_bought fruits_sold buyers

> | where percentage_fruits > 10

> | sort - percentage_fruits

How do I complete the syntax/expression for the 2nd (summation) and consequently, 3rd (total price), 4th if-loop (trigger)?

Labels (5)
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top