base-search earliest=-1h@m|
Desk
cli_attr="MOBILE_IND=N"
Mobile
cli_attr="MOBILE_IND=Y"
Emarketing
cli_attr="MOBILE_IND=Y" OR cli_attr="MOBILE_IND=N" PartnerCode=*
Non-Emarketing
cli_attr="MOBILE_IND=Y" OR cli_attr="MOBILE_IND=N" NOT PartnerCode=*
using these am trying to build a base search
|eval deskdev=if(cli_attr=="MOBILE_IND=N","MOBILE_IND=N",NULL)
|eval mobiledev=if(cli_attr!="MOBILE_IND=N","MOBILE_IND=N",NULL)
|eval eMarketing=if((cli_attr=="MOBILE_IND=Y") OR (cli_attr!="MOBILE_IND==Y") AND (PartnerCode=="*") , "MOBILE_IND=Y",NULL)
|eval NoneMarketing=if((cli_attr=="MOBILE_IND=Y") OR (cli_attr!="MOBILE_IND=Y") AND (PartnerCode!="*"),"MOBILE_IND=Y",NULL)
search not able to match the values with original, how would it possible.
↧