Eval Command (IF)

jaibalaraman · ‎09-27-2021

Hi Team

When i tried running the below eval command, i am getting some error message often.

I wrote this below command to find out number of Samsung device used in a month.

eval Next= if(match(cs_user_agent, "SM-G980F"),"Samsung Galaxy S20-5G",if(match(cs_user_agent, "SM-G975W"),"Samsung Galaxy S10+",if(match(cs_user_agent, "SM-G935F"),"Samsung Galaxy S7 edge ",if(match(cs_user_agent, "SM-T350"),"Samsung Galaxy Tab",if(match(cs_user_agent, "SM-G950"),"Samsung Galaxy S8",if(match(cs_user_agent, "SM-G998"),"Samsung Galaxy S21 Ultra-5G",if(match(cs_user_agent, "SM-J120Z"),"Samsung Galaxy J1",if(match(cs_user_agent, "SM-A217F"),"Samsung Galaxy A21s",if(match(cs_user_agent, "SM-G988"),"Samsung Galaxy S20 Ultra 5G",if(match(cs_user_agent, "SM-A105G"),"Samsung Galaxy A10",if(match(cs_user_agent, "SM-A525"),"Samsung Galaxy A52",if(match(cs_user_agent, "SM-G991"),"Samsung Galaxy S21 5G",if(match(cs_user_agent, "SM-A225F"),"Samsung Galaxy A22",if(match(cs_user_agent, "SM-A725"),"Samsung Galaxy A72",if(match(cs_user_agent, "SM-G781"),"Samsung Galaxy S20 FE 5G",if(match(cs_user_agent, "SM-F900U"),"Samsung Galaxy Fold",if(match(cs_user_agent, "SM-A326"),"Samsung Galaxy A32 5G",if(match(cs_user_agent, "SM-F700"),"Samsung Galaxy Z Flip3 5G",if(match(cs_user_agent, "SM-A226"),"Samsung Galaxy A22 5G",if(match(cs_user_agent, "SM-N986"),"Samsung Galaxy Note20 Ultra 5G",if(match(cs_user_agent, "SM-A526"),"Samsung Galaxy A52 5G",if(match(cs_user_agent, "SM-A515"),"Samsung Galaxy A51",if(match(cs_user_agent, "SM-A217"),"Samsung Galaxy A21s",if(match(cs_user_agent, "SM-M326"),"Samsung Galaxy M32 5G",if(match(cs_user_agent, "SM-T7"),"Samsung Galaxy Tab S7 FE",if(match(cs_user_agent, "SM-T50"),"Samsung Galaxy Tab A7 10.4",if(match(cs_user_agent, "SM-T50"),"Samsung Galaxy Tab A7 10.4",if(match(cs_user_agent, "SM-T50"),"Samsung Galaxy J7 Prime",if(match(cs_user_agent, "SM-M515"),"Samsung Galaxy M51",if(match(cs_user_agent, "SM-A505"),"Samsung Galaxy A50",if(match(cs_user_agent, "SM-T22"),"Samsung Galaxy Tab A7 Lite",if(match(cs_user_agent, "SM-G930"),"Samsung Galaxy S7",if(match(cs_user_agent, "SM-N960"),"Samsung Galaxy Note9",if(match(cs_user_agent, "SM-J700"),"Samsung Galaxy J7",if(match(cs_user_agent, "SM-G970"),"Samsung Galaxy S10e",if(match(cs_user_agent, "SM-M127"),"Samsung Galaxy M12",if(match(cs_user_agent, "SM-N970"),"Samsung Galaxy Note10",if(match(cs_user_agent, "SM-A115"),"Samsung Galaxy A11",if(match(cs_user_agent, "SM-T87"),"Samsung Galaxy Tab S7",if(match(cs_user_agent, "SM-A315"),"Samsung Galaxy A31",if(match(cs_user_agent, "SM-M315F"),"Samsung Galaxy M31",if(match(cs_user_agent, "SM-A205"),"Samsung Galaxy A20",if(match(cs_user_agent, "SM-J500"),"Samsung Galaxy J5",if(match(cs_user_agent, "SM-T97"),"Samsung Galaxy Tab S7+","other"))))))))))))))))))))))))))))))))))))))))))))

Note - could some one please help me finding out the best way to get the expected outcome from the user agent or please help to avoid the error.

PickleRick · ‎09-29-2021

If I remember correctly, the DAG Execution Exception is not directly related to your syntax. Anyway, you should get more details regarding the error in your job log in job inspector.

And about the query itself - man, it's hugely overcomplicated. Why don't you just use a lookup? Or even better - do an automatic lookup so it fills a "human-readable" type into a separate field.

jaibalaraman · ‎09-29-2021

Hi

Why don't you just use a lookup? Or even better - do an automatic lookup so it fills a "human-readable" type into a separate field.

Could you please help me on this, i don't know how to use lookup command.

jaibalaraman · ‎09-28-2021

Sorry for multiple response,

Currently with help of ( IF & Case ) i am extracting user agent details like ( browser / mobile device / OS family/ OS version ) which is manual work.

Is there any work around which helps me to find out user agent , we are using Splunk cloud. We also aware about few app like user agent extraction in Splunk which will not work for Splunk cloud.

jaibalaraman · ‎09-28-2021

Hi ,

I tried using sort command to display the number from highest to lowest but its not working.

Could you please help me on this sorting from descending to ascending.

jaibalaraman · ‎09-28-2021

@kamlesh_vaghela

Hi

Thank you for your valuable responce, yes the above case statement its working.

I have a question why the below two line are included in the search "

| makeresults 
| eval cs_user_agent="-SM-M315F-"

are they mandatory ..

kamlesh_vaghela · ‎09-28-2021

No @jaibalaraman

It is for sample data only. You just take eval statement and put it into your search.

🙂

jaibalaraman · ‎09-28-2021

Currently with help of ( IF & Case ) i am extracting user agent details like ( browser / mobile device / OS family/ OS version ) which is manual work.

Is there any work around which helps me to find out user agent , we are using Splunk cloud. We also aware about few app like user agent extraction in Splunk which will not work for Splunk cloud.

kamlesh_vaghela · ‎09-27-2021

@jaibalaraman

I would suggest to go with case condition instead of if.

Please check below search.

| makeresults 
| eval cs_user_agent="-SM-M315F-" 
| eval Next= case(match(cs_user_agent, "SM-G980F"),"Samsung Galaxy S20-5G",match(cs_user_agent, "SM-G975W"),"Samsung Galaxy S10+",match(cs_user_agent, "SM-G935F"),"Samsung Galaxy S7 edge ",match(cs_user_agent, "SM-T350"),"Samsung Galaxy Tab",match(cs_user_agent, "SM-G950"),"Samsung Galaxy S8",match(cs_user_agent, "SM-G998"),"Samsung Galaxy S21 Ultra-5G",match(cs_user_agent, "SM-J120Z"),"Samsung Galaxy J1",match(cs_user_agent, "SM-A217F"),"Samsung Galaxy A21s",match(cs_user_agent, "SM-G988"),"Samsung Galaxy S20 Ultra 5G",match(cs_user_agent, "SM-A105G"),"Samsung Galaxy A10",match(cs_user_agent, "SM-A525"),"Samsung Galaxy A52",match(cs_user_agent, "SM-G991"),"Samsung Galaxy S21 5G",match(cs_user_agent, "SM-A225F"),"Samsung Galaxy A22",match(cs_user_agent, "SM-A725"),"Samsung Galaxy A72",match(cs_user_agent, "SM-G781"),"Samsung Galaxy S20 FE 5G",match(cs_user_agent, "SM-F900U"),"Samsung Galaxy Fold",match(cs_user_agent, "SM-A326"),"Samsung Galaxy A32 5G",match(cs_user_agent, "SM-F700"),"Samsung Galaxy Z Flip3 5G",match(cs_user_agent, "SM-A226"),"Samsung Galaxy A22 5G",match(cs_user_agent, "SM-N986"),"Samsung Galaxy Note20 Ultra 5G",match(cs_user_agent, "SM-A526"),"Samsung Galaxy A52 5G",match(cs_user_agent, "SM-A515"),"Samsung Galaxy A51",match(cs_user_agent, "SM-A217"),"Samsung Galaxy A21s",match(cs_user_agent, "SM-M326"),"Samsung Galaxy M32 5G",match(cs_user_agent, "SM-T7"),"Samsung Galaxy Tab S7 FE",match(cs_user_agent, "SM-T50"),"Samsung Galaxy Tab A7 10.4",match(cs_user_agent, "SM-T50"),"Samsung Galaxy Tab A7 10.4",match(cs_user_agent, "SM-T50"),"Samsung Galaxy J7 Prime",match(cs_user_agent, "SM-M515"),"Samsung Galaxy M51",match(cs_user_agent, "SM-A505"),"Samsung Galaxy A50",match(cs_user_agent, "SM-T22"),"Samsung Galaxy Tab A7 Lite",match(cs_user_agent, "SM-G930"),"Samsung Galaxy S7",match(cs_user_agent, "SM-N960"),"Samsung Galaxy Note9",match(cs_user_agent, "SM-J700"),"Samsung Galaxy J7",match(cs_user_agent, "SM-G970"),"Samsung Galaxy S10e",match(cs_user_agent, "SM-M127"),"Samsung Galaxy M12",match(cs_user_agent, "SM-N970"),"Samsung Galaxy Note10",match(cs_user_agent, "SM-A115"),"Samsung Galaxy A11",match(cs_user_agent, "SM-T87"),"Samsung Galaxy Tab S7",match(cs_user_agent, "SM-A315"),"Samsung Galaxy A31",match(cs_user_agent, "SM-M315F"),"Samsung Galaxy M31",match(cs_user_agent, "SM-A205"),"Samsung Galaxy A20",match(cs_user_agent, "SM-J500"),"Samsung Galaxy J5",match(cs_user_agent, "SM-T97"),"Samsung Galaxy Tab S7+",1=1,"other")

Thanks
KV
▄︻̷̿┻̿═━一 😉

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

Eval Command (IF)

other

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!