Solved: How to assign numeric values based on counts?

yagbootz48 · ‎07-13-2018

Hello,

I need some help. I'm trying to make a search where I take recipient_count and assign a "value" based on how many recipients there are. For example, recipient_count greater than or equal to 25 value=5, recipient_count range is between 50-99 value=7, recipient_count greater than or equal to 100 value=9

Any ideas how I could accomplish this?

Thanks in advance!

thambisetty · ‎07-14-2018

try something like below,

| your base search
| eval value=case(recipient_count>=25 AND recipient_count<=50 ,5,recipient_count>50 AND recipient_count<=99,7,recipient_count>=100,9)

————————————
If this helps, give a like below.

View solution in original post

yagbootz48 · ‎07-16-2018

@thambisetty thanks!

woodcock · ‎07-14-2018

Check out the rangemap command:

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rangemap

thambisetty · ‎07-14-2018

try something like below,

| your base search
| eval value=case(recipient_count>=25 AND recipient_count<=50 ,5,recipient_count>50 AND recipient_count<=99,7,recipient_count>=100,9)

————————————
If this helps, give a like below.

How to assign numeric values based on counts?

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!