Re: Can you help me with an issue with the rangema...

roopeshetty · ‎02-01-2019

Hi,

We have a field by name “Scores”, which has values in numbers that vary from -99 to 399. Now we need to run a “rangemap” query on them so that we can categorize them as below;

-99 to 1=Poor
2 to 150=Average
151 to 200=Good
201 to 399=Excellent

We are running the query as something like this, but it is not working as expected;

| rangemap field= Scores Poor=-99-1 Average=2-150 Good=151-200 default=Excellent

Can someone tell us what’s wrong with this above query?

knielsen · ‎02-05-2019

If this is cut and paste from your actual query, lose the space between field= and Scores. 🙂

woodcock · ‎02-01-2019

You can make your own rangemap command with eval like this:

... | eval range = case(Scores<-99, "Excellent", Scores<=1,"Poor",  Scores<=150, "Average", Scores<=200, "Good", true(), "Excellent")

roopeshetty · ‎02-05-2019

its skipping the values which are less than 1.. any other way?

woodcock · ‎02-05-2019

I have updated my answer to more accurately match.

roopeshetty · ‎02-13-2019

hi ,
now getting error as "Unbalanced quotes"

woodcock · ‎02-13-2019

Fixed one more typo. Good to go now.

Can you help me with an issue with the rangemap command?

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Are you a member of the Splunk Community?

Can you help me with an issue with the rangemap command?

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases