cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
codichulo
Loves-to-Learn
Member since: ‎05-07-2020
‎12-04-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-07-2020
Activity Feed
Topics I've Started
View All

Re: If / Then Conditional.

by in Splunk Search
‎08-18-2020 06:21 AM
‎08-18-2020 06:21 AM
oh sorry, the rex statements are working fine, i just removed identifiable info to make them look generic, and in doing so made them look in error.  it was the eval statement that i couldn't get to work right. I'll try your suggestion. Thanks so much.    ... View more

If / Then Conditional.

by in Splunk Search
‎08-17-2020 09:24 PM
‎08-17-2020 09:24 PM
Heres what i'm trying to accomplish:  requestID               status 123456                   errored 321654                  Success 789456                 errored I'm Newbie, Maybe i'm going about this all wrong, and there maybe another way....but i don't think so based on what info i have. but heres what i got so far. I'm probably over-thinking this.  index=someindex sourcetype=sometype "request syntax" OR "error syntax" OR "success syntax" | rex field=_raw "request id: '(?<requestID>\d+)',\text" | rex field=_raw ".*(?<error>Error response received)\stext" | rex field=_raw ".*(?<Success>Database request executed):\stext" | eval requestID =if(requestID=(error),"Errored", "Success") ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-04-2020 11:27 AM