I'm trying to extract a field-value for comparison - in a dynamic fashion. First let me illustrate the problem with some sample data:
DataType=2, MaxPower=10, MinPower=3, IdlePower=5
DataType=3, Open=10, Close=23, HappyHour=15
I have a lookup table with something similar to this:
DataType,FieldName,ValueMax,ValueMin
2,MaxPower,100,10
2,MinPower,10,1
2,IdlePower,50,1
3,Open,10,5
... etc.
Now my search looks like this:
index=xxx | lookup LOOKUPFILEX DataType | mvexpand FieldName | ...
I want to map the results into a macro which will perform the actual evaluation, this part is ok. Now I'm trying to write this macro and i'm sort of hitting a wall. For example, the macro might be invoked like this:
`checkRange("$FieldName$",$ValueMax$,$ValueMin$)`
So from within the macro, given the field name "MaxPower", how do I extract the value (10 in this case) so I can perform comparison with its associated max/min range?
I am currently on the path associated with another question "dynamic field substition"
By the way, the reason I don't want to hard-coding the evaluation (MaxPower, MinPower, IdlePower, Open, etc.) is because - what you see here is just a sample; the actual use-case I am confronted with contains upwards of 100 fields that are subject to change. Therefore modifications must be easily implemented (like via a lookup table)