Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

nested if loop

splunkymage
Observer
‎08-29-2021 09:50 PM

I would like to write in splunk a nested if loop: What I want to achieve:

if buyer_from_France: 

                   do eval percentage_fruits

                   if percentage_fruits> 10:

                                                         do summation

                                                         if summation>20:

                                                                                          total_price

                                                                                           if total_price>$50:

                                                                                                                      do(trigger bonus coupon)

My current code (that works):

> | eventstats sum(buyers_fruits) AS total_buyers_fruits by location

> | stats sum(fruits) as buyers_fruits by location buyers

> | eval percentage_fruits=fruits_bought/fruits_sold

> | table fruits_bought fruits_sold buyers

> | where percentage_fruits > 10

> | sort - percentage_fruits

How do I complete the syntax/expression for the 2nd (summation) and consequently, 3rd (total price), 4th if-loop (trigger)?

Labels (6)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...