I would like to create a new tag field based on multiple conditions. I think I have figured out how to specify my conditions, but I would like to create a true/false result in a new field. I am not sure how to do this.
Here is my command so far. I would like to create a new true/false field based on whether or not "hostgroup" is a match with all of the conditions specified. Should return true is case is a match, and false if not.
sourcetype= | eval hostgroup=case(host LIKE "%BE%", "BE", host LIKE "%MT%", "MT", host LIKE "%FE%", "FE", host LIKE "%", "Others")
Any tips on how to setup the true/false portion of my request?
Thanks
... View more