case like does not work in Splunk, no string is matched
Question
I have a simple table:

Now I need to add a tag according to the Hostname:

```
index=log_ad
| eval tag=case(Hostname like '%SRV%', 'server', Hostname like '%DC%', 'controller', 1=1, "not matched")
| top tag, Hostname
```

But all tags are "not matched", what's wrong?
Answer 1
Score: 2
[1]: https://docs.splunk.com/Documentation/Splunk/9.0.5/SearchReference/ConditionalFunctions#like.28.26lt.3Bstr.26gt.3B.2C.26lt.3Bpattern.26gt.3B.29
First, `like` is a [function][1] - so it needs to be used as one

This *should* work:

```
index=log_ad
| eval tag=case(like(Hostname,"%SRV%"), "server", like(Hostname,"%DC%"), "controller", 1=1, "not matched")
| top tag, Hostname
```
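An added example, not part of the original question or answer: a self-contained search that can be pasted into a Splunk search bar to compare the expression as asked with the `like()` form on constructed data, without needing the `log_ad` index. The four hostnames and the field names `tag_as_asked` and `tag_fixed` are made up for illustration. In `eval`, double quotes mark string literals while single quotes mark field names, and `like()` matches case-sensitively, so the lowercase `srv-lower-03` stays `not matched` in both columns.

```spl
| makeresults
| eval Hostname=split("APP-SRV-01,CORP-DC-02,LAPTOP-17,srv-lower-03", ",")
| mvexpand Hostname
| eval tag_as_asked=case(Hostname like '%SRV%', 'server', Hostname like '%DC%', 'controller', 1=1, "not matched")
| eval tag_fixed=case(like(Hostname, "%SRV%"), "server", like(Hostname, "%DC%"), "controller", 1=1, "not matched")
| table Hostname tag_as_asked tag_fixed
```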