I'm trying to establish a field value or variable to be used in a subsequent search. I've stripped out the actual use case to protect data but something like this.
TYPE is a field and has a token value from a dropdown filter in UI. I'm trying to change the value of the token to have a different suffix (RED vs BLUE) and then have the value feed a subsequent search.
| inputlookup xyz.csv
| eval VAR=if(TYPE like "%BLUE",substr(TYPE,1,len(TYPE)-4) +"_RED", null) or if(TYPE like "%RED",substr(TYPE,1,len(TYPE)-3) +"_BLUE",null)
|search TYPE = VAR
| ...
For example if TYPE selected is "HONDA_RED" then I want to change it to "HONDA_BLUE" before starting search.
I keep getting no values returned though.
↧