There are two strings "abc" and "xyz", some values are assigned to the strings;
suppose say
abc: 50 and xyz: 45
I want to write a quarry which yields a result like
Result = (abc-xyz)
and compare if result >= 75%
Please help me in this.Thanks in advance.
Your question is lacking a bit of information;
abc
always larger than xyz
?Anyway, here are a few examples of some arithmetic operations, but you should look up these pages as well;
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Eval
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CommonEvalFunctions
your search here | eval diff = abc - xyz |
your search here | eval absdiff = abs(abc - xyz) |
your search here | eval ratio = xyz/abc |
your search here | eval ratio = xyz/abc | where ratio >=0.75
/K
So the last of my examples should fit you nicely. Please upvote and/or mark the answer as accepted if your problem was solved.
/K
75% of abc
yes abc is always larger than xyz