I have multiple event_names ending in COPIED & SELECTED As part of the analysis I'm doing, I need to rename the events ending with COPIED based on certain criterias
For Example
Mail_Copied = where Email Copied
Text_Copied = where Text Copied
Text_Email_Copied = where both Text_Copied and Email_Copied are used
UK_Number_Selected = Where the phone number is UK Phone
Non_UK_Number_Selected = Where the phone number is not UK phone number
I've done my eval as such
| eval Channel=case(event_name==Mail_Copied, EmailCopied, event_name==Text_Copied, *TextCopied*,
(event_name==Mail_Copied OR event_name==Text_Copied), TextEmailCopied,
(event_name==Text_Copied AND event_name==UK_Number_Selected), UK_Number,
(event_name==Text_Copied AND event_name==Non_UK_Number_Selected), NON_UK_Number)
| stats count as "Number" by month, Channel, event_name
The issue I have is that most of the events come from COPIED event, however because I have to use the combination of the SELECTED events with COPIED events, its not returning any value for UK_Number and NON_UK_Number
| Month | Channel | event_name | Number |
|---|---|---|---|
| November | Non_UK_Number | Non_UK_Number_Selected | 463 |
| November | TextCopied | Text_Copied | 34 |
| November | EmailCopied | Email_Copied | 4 |
| November | TextEmailCopied | Text_Email_Copied | 10 |
I am not sure if I've explained myself clearly.
The
casefunction is order-sensitive. The first match is the one used even if another match also evaluates totrue. Try re-arranging the evaluations.