Channel: Questions in topic: "splunk-enterprise"

How do I use the username in events returned in a search of index "A" to look up the user in index "B" and only return the events where the user in the event from index "A" exists in index "B"?

##### This part of my query gets me on the street I want to be on for this report #####

index="A"
| rex mode=sed field=User_Full_Name "s/ //g"
| eval User_Full_Name = LOWER(User_Full_Name)
| rex mode=sed field=Emergency_Contact1 "s/ //g"
| eval Emergency_Contact1 = LOWER(Emergency_Contact1)
| eval results = if(match(Emergency_Contact1,User_Full_Name), "match", "no match")
| dedup User_Full_Name
| search results="match"
| eval Service_Areas=split(Patient_Service_Areas, ",")
| search Service_Areas="50*"

##### This syntax does not return any results even though I know I have matches in my testing data #####

| eval User_Logon_ID = LOWER(User_Logon_ID)
| search index="B"
| eval HSCNET_ID = LOWER(HSCNET_ID)
| eval results = if(match(User_Logon_ID,HSCNET_ID), "USF", "no USF")
| search results="USF"
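
An added example, not part of the original post: a `| search index="B"` placed after the first pipe only filters the events already retrieved from index "A", so it never reads index "B". One way to do the cross-index check is a subsearch that builds the list of known IDs from index "B" and applies it as a filter on index "A". It uses only the field names from the question and assumes `User_Logon_ID` in "A" and `HSCNET_ID` in "B" hold the same identifier as whole values.

```spl
index="A"
    [ search index="B" HSCNET_ID=*
      | eval User_Logon_ID=lower(HSCNET_ID)
      | dedup User_Logon_ID
      | fields User_Logon_ID ]
| rex mode=sed field=User_Full_Name "s/ //g"
| eval User_Full_Name=lower(User_Full_Name)
| rex mode=sed field=Emergency_Contact1 "s/ //g"
| eval Emergency_Contact1=lower(Emergency_Contact1)
| eval results=if(match(Emergency_Contact1, User_Full_Name), "match", "no match")
| search results="match"
| dedup User_Full_Name
| eval Service_Areas=split(Patient_Service_Areas, ",")
| search Service_Areas="50*"
```

The subsearch expands to `(User_Logon_ID="id1" OR User_Logon_ID="id2" ...)`, and field-value comparison in `search` is case-insensitive, so the outer events need no lowercasing for the ID check. Subsearch output is capped (10,000 results by default), so a larger user population in index "B" needs a `stats`-based correlation over both indexes instead.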
