I have a table output that has a Source Address and a Destination Address. I would like to add a column to the table titled Direction and populate the column for each event based on the Source Address. If the Source Address is one of our internal IPs, the Direction would be Outbound. If the Source Address was an external IP, then the Direction would be Inbound. We have Splunk 5.0.2.
When I use:
| eval Direction= if(SourceAddress==”10.*”,”Outbound”,”Inbound”)
or
| eval Direction =case(SourceAddress==”10.*”,”Outbound”,”Inbound”)
I get the error message "Error in 'eval' command: The expression is malformed. An unexpected character is reached at '”10.*”,”Outbound”,”Inbound”)'."
Any help would be appreciated.
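
Added example, not part of the original post: one way to derive the Direction column in eval. The parser stops at the curly quotes in the posted searches because eval only accepts straight double quotes around string literals. Separately, `==` compares against the literal text and does not expand `*`, so the match is done here with `cidrmatch`. `case` takes condition/value pairs, so its default branch needs an always-true condition such as `1==1`. The field name DestinationAddress, the leading `...` standing in for the base search, and the assumption that the internal ranges are the three RFC 1918 blocks are not from the post.

```spl
... | eval Direction=case(
        cidrmatch("10.0.0.0/8", SourceAddress), "Outbound",
        cidrmatch("172.16.0.0/12", SourceAddress), "Outbound",
        cidrmatch("192.168.0.0/16", SourceAddress), "Outbound",
        1==1, "Inbound")
    | table SourceAddress DestinationAddress Direction
```

If only 10.0.0.0/8 is internal, the same result comes from `eval Direction=if(cidrmatch("10.0.0.0/8", SourceAddress), "Outbound", "Inbound")`.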