Hi All,
Could you please help me with " if "query to search a condition is true then need to display some values from json format .
please i m brand new to splunk ..
Hi tech_soul,
without othe information is difficoult to help you! could you share more information?
Anyway, you can use the if condition in an eval command to set a variable to use for searches, for additioan information see https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/ConditionalFunctions .
E.g. if I want to set a value OK if a field has a value less than 100 and NOK if the value is more than 100, you could create a search like this:
index=my_index
| eval my_check=if(my_field>100,"NOK","OK")
| table _time my_check
Then you can use this value for additional conditions as search or where.
Bye.
Giuseppe
Thanks for the concise example of if expression.