I used this eval statement with AND conditions but I'm only getting result as "Public" even when the condition satisfies for value "Private" i.e. I'm only getting default result. Any idea of what's wrong with this statement?
| eval perm=case(block_public_acls=true AND block_public_policy=true AND ignore_public_acls=true AND restrict_public_buckets=true,"Private",1=1,"Public")
Check the type of the fields.
e.g. | eval type_of_field = typeof(block_public_acls)
If it is "String", then you can wrap the right side of the condition with quotation marks.
| eval perm=case(block_public_acls="true" AND block_public_policy="true" AND ignore_public_acls="true" AND restrict_public_buckets="true","Private",1=1,"Public")
Check the type of the fields.
e.g. | eval type_of_field = typeof(block_public_acls)
If it is "String", then you can wrap the right side of the condition with quotation marks.
| eval perm=case(block_public_acls="true" AND block_public_policy="true" AND ignore_public_acls="true" AND restrict_public_buckets="true","Private",1=1,"Public")
Hi @sam1010,
use double quotes in all the conditions:
| eval perm=case(block_public_acls="true" AND block_public_policy="true" AND ignore_public_acls="true" AND restrict_public_buckets="true","Private",1=1,"Public")
Ciao.
Giuseppe
Have you tried putting "true" in double quotes?