Solved

Usage of if-else statements in eval

2 years ago
27 May 2021
3 replies
194 views

Userlevel 3

+8

Nicolai Thorndahl
LogPoint Team
14 replies

Hi

I can see that the process eval command supports the use of if-else statements, but I can’t find any examples of the syntax.

My issue is that I have logs which contain a source_address field, and host_address, and then I have some other logs which only contains host_address logs, and I would like to translate the IP to country from source_address if the field exists and else take it from host_address. So I tried to say if, source_address is null, then set source_address to host_address, else nothing.
|process eval(if(source_address=null, source_address=host_address,)

icon

Best answer by Nicolai Thorndahl 15 June 2021, 10:52

View original

Kind Regards, Nicolai

Like
Quote
Share

3 replies

Userlevel 4

+7

Nils Krumey
LogPoint Team
105 replies
2 years ago
27 May 2021

There might be a fundamentally different way of doing this (i.e. without eval), but in case you hadn’t spotted it, the eval process plugin actually has its own manual under “Plugins” on the docs portal, and there are examples for the conditional statements here: https://docs.logpoint.com/docs/evaluation-process-plugin/en/latest/Conditional%20and%20Comparison%20functions.html#if-statement . Perhaps that helps?

Userlevel 3

+8

Nicolai Thorndahl
Author
LogPoint Team
14 replies
2 years ago
27 May 2021

There might be a fundamentally different way of doing this (i.e. without eval), but in case you hadn’t spotted it, the eval process plugin actually has its own manual under “Plugins” on the docs portal, and there are examples for the conditional statements here: https://docs.logpoint.com/docs/evaluation-process-plugin/en/latest/Conditional%20and%20Comparison%20functions.html#if-statement . Perhaps that helps?

Perfect thanks! Didn’t catch that one.

Userlevel 3

+8

Nicolai Thorndahl
Author
LogPoint Team
14 replies
2 years ago
15 June 2021
Answer

Managed to do it with the following command
| process eval(“source_address=if(isnull(source_address)) {return host_address} else {return source_address}”)

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded