The eval command calculates an expression and puts the resulting value into a field; this can be used to create a new field, or to replace the value in an existing field. You can use arithmetic operators (+,-,*,/,%), string concatenations (eval name = last.",".first), and Boolean operations (AND, OR, NOT, XOR, <, >, <=, >=, !=, =, ==, and LIKE).
The syntax is | eval <new_field_name> = function(arguments).
Some of the most useful examples include:
| Function | Description | Examples |
| if(X,Y,Z) | If X is TRUE, the result is Y; otherwise Z | | eval status = if(code==200,"OK","Error") |
| len(X) | Returns the character length of X | | eval bytes=len(_raw) |
| like(X,"Y") | Returns TRUE if X is like the SQLite pattern in Y | | eval match = like(field, "addr%") ... |
