If a field has two values but I want to pick only one. Could you please suggest me with the help of which command I can do that ?
just as say
Field A= B,C
Try something like this:
| makeresults | eval _raw="A=B,C" | rex "A=(?P<val>\S+)" | makemv delim="," val | eval choice=mvindex(val,1), not=mvindex(val,0)
You will have to provide your search, but the use of mvindex is what you want to see.