Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Kusto - If else condition with Kusto

Tags:

azure-data-explorer

kql

kusto-explorer

I am trying to convert the below Splunk query to Kusto.

| eval result=if(Match(Status,"Success|Passed"), "succeess","failed")

Below is the example from Kusto that is not clear . How do I modify this Kusto example as per the above Splunk Query pls. Thanks | extend day = iff(floor(Timestamp, 1d)==floor(now(), 1d), "today", "anotherday")

enter image description here

like image 844
Milo_Dev Avatar asked Oct 15 '25 20:10

Milo_Dev

1 Answers

You could try this:

... 
| summarize success = countif(Status in ("Success", "Passed")), total = count() 
| project success, failure = total - success

  • in case the values in the column named Status can have different casing, you can use in~()

  • in case the values in the column named Status are longer strings, which you want to look for substring in, you can use, for example: Status contains "Success" or Status contains "Passed"

like image 74
Yoni L. Avatar answered Oct 19 '25 13:10

Yoni L.
Sign in to Comment

Related questions

Can we set retention period for a table in years in Kusto?
Check if a table exists in Kusto language?
How to create a window of arbitrary size in Kusto?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!