Hi,
I'm fairly new to Splunk and lately I've tried to create a new_column trying to do the following condition:
if( column_2 == 0 AND ( column_3 == 1 OR new_column[row-1] == 1), 1, 0)
Basically - the tricky part for me so far - is a condition that checks a value on another column but also checks on the same column but one row above.
On the table below the condition above would be displayed like that:
column_2 | column_3 | new_column
0 | 0 | 0
0 | 0 | 0
0 | 0 | 0
0 | 0 | 0
0 | 1 | 1
0 | 0 | 1
0 | 0 | 1
1 | 0 | 0
1 | 0 | 0
0 | 0 | 0
I already have column_2 and column_3, as mentioned above, i'm particularly struggling on new_column creation based on the condition stated.
Any advice is appreciated
Thanks,
Theo
... View more