
Hello Everyone!

 

I'm trying to build some widgets in my dashboard, but I have some problems with my query. I'm trying to show the severity for my custom rule detections and the curated detections in just one field.

 

My problem comes down to not being able to use the field detection.detection.severity in my if condition, because this field is an "enum" data type, and the other field is a string data type.

 

Query → $dynamic_severity = if(detection.detection.severity = "UNKNOWN_SEVERITY", detection.detection.outcomes["severity"], detection.detection.severity)

 

detection.detection.outcomes["severity"] → This is the severity of my custom rules (string data).

 

Feel free to send me other logic for this query!
