Here's an example of my CSV with 10s of thousand of rows:
device ID
phone [APPLE]1234
phone [ANDROID]0987
phone [ANDROID]4466
phone [APPLE]9922
How do I use the regex command to look in the ID
field and populate a new field called newField1
with a value of eligiblePhone
if the ID value contains [APPLE]
; and to also populate a new field called newField2
with a value of ineligiblePhone
if the ID value contains [ANDROID]
?
The result would look like the below:
device ID newField1 newField2
phone [APPLE]1234 eligiblePhone
phone [ANDROID]0987 ineligiblePhone
phone [ANDROID]4466 ineligiblePhone
phone [APPLE]9922 eligiblePhone
Thank you!
The match command in an eval statement will accomplish this:
| eval newField1=if(match(ID, "APPLE"), "eligiblePhone", null())
| eval newField2=if(match(ID, "ANDROID"), "ineligiblePhone", null())
The documentation for that can be found here: https://docs.splunk.com/Documentation/Splunk/6.6.6/SearchReference/ConditionalFunctions#match.28SUBJ...
The match command in an eval statement will accomplish this:
| eval newField1=if(match(ID, "APPLE"), "eligiblePhone", null())
| eval newField2=if(match(ID, "ANDROID"), "ineligiblePhone", null())
The documentation for that can be found here: https://docs.splunk.com/Documentation/Splunk/6.6.6/SearchReference/ConditionalFunctions#match.28SUBJ...
This works, thanks!