topic Re: Multivalue Field Filterung search in Splunk Search https://community.splunk.com/t5/Splunk-Search/Multivalue-Field-Filterung-search/m-p/463590#M130694 <P>@mklhs ,</P> <P>Try</P> <PRE><CODE>your search |where isnotnull(mvfind(field_name,"foo")) AND isnotnull(mvfind(field_name,"bar")) </CODE></PRE> <P>Please note that the argument to mvfind is <CODE>REGEX</CODE> . So based on your field value, you may combine that with regex as well</P> <P>Reference : <A href="https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/MultivalueEvalFunctions#mvfind.28MVFIELD.2C.22REGEX.22.29">https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/MultivalueEvalFunctions#mvfind.28MVFIELD.2C.22REGEX.22.29</A></P> Mon, 26 Aug 2019 04:56:14 GMT renjith_nair 2019-08-26T04:56:14Z Multivalue Field Filterung search https://community.splunk.com/t5/Splunk-Search/Multivalue-Field-Filterung-search/m-p/463589#M130693 <P>Hello,</P> <P>I need your help.<BR /> I have a field which contains multivalue.<BR /> Example:<BR /> Table</P> <HR /> <P>Foo</P> <HR /> <P>in cash</P> <HR /> <P>foo<BR /> in cash</P> <HR /> <P>I need a way to only display events that have foo and bar in this field. I tried to count the values and filter them accordingly but it doesn't work.</P> Sun, 25 Aug 2019 17:24:50 GMT https://community.splunk.com/t5/Splunk-Search/Multivalue-Field-Filterung-search/m-p/463589#M130693 mklhs 2019-08-25T17:24:50Z Re: Multivalue Field Filterung search https://community.splunk.com/t5/Splunk-Search/Multivalue-Field-Filterung-search/m-p/463590#M130694 <P>@mklhs ,</P> <P>Try</P> <PRE><CODE>your search |where isnotnull(mvfind(field_name,"foo")) AND isnotnull(mvfind(field_name,"bar")) </CODE></PRE> <P>Please note that the argument to mvfind is <CODE>REGEX</CODE> . So based on your field value, you may combine that with regex as well</P> <P>Reference : <A href="https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/MultivalueEvalFunctions#mvfind.28MVFIELD.2C.22REGEX.22.29">https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/MultivalueEvalFunctions#mvfind.28MVFIELD.2C.22REGEX.22.29</A></P> Mon, 26 Aug 2019 04:56:14 GMT https://community.splunk.com/t5/Splunk-Search/Multivalue-Field-Filterung-search/m-p/463590#M130694 renjith_nair 2019-08-26T04:56:14Z