Hi,
I have a search result of a JSON file.
"
{ [-]
number: 58
result: SUCCESS
} "
How can I consider the "result" as number. for example:
SUCCESS = 1
Failure = 2
Thanks !
YOu could use eval-if OR eval-case to do that. Another alternative is to use replace
If there are only two possible values
your base search | eval result=if(result="SUCCESS",1,2)
If there are more than two possible values
your base search | eval result=case(result="SUCCESS",1,result="Failure",2,...other cases,1=1,0)
Alternative using replace method
your base search | replace "SUCCESS" with 1 "Failure" with 2 in result
YOu could use eval-if OR eval-case to do that. Another alternative is to use replace
If there are only two possible values
your base search | eval result=if(result="SUCCESS",1,2)
If there are more than two possible values
your base search | eval result=case(result="SUCCESS",1,result="Failure",2,...other cases,1=1,0)
Alternative using replace method
your base search | replace "SUCCESS" with 1 "Failure" with 2 in result
Thanks , it will work with JSON format results?
how can i use the "replace" number in rangemap ?
i want to use rangemap as following:
rangemap field=result low=1-2 severe=2-3
Appreciate your help !
This should work with JSON format results, just ensure that correct field name is used (see the field sidebar on left for field names available).
Just add your rangemap command after any of the above command.
e.g. (updated the ranges)
your base search | eval result=if(result="SUCCESS",1,2) | rangemap field=result low=1-1 severe=2-3
Like this:
... | eval result_number = case(result="SUCCESS", 1, result="Failure", 2, true(), -1)
Or, if you need it automatic, you can convert this into a calculated field
or a lookup file
and then create an automatic lookup
.