How to return or display the value that is being s...

sriky · ‎07-17-2018

When i search multiple values like (search a OR b OR c OR d OR e) how i can return or display the value which is not coming in the search results

woodcock · ‎07-18-2018

This is the Sentinel Search problem discussed (with solution) here:

CarsonZa · ‎07-17-2018

@skoelpin is referring to something like this

| appendpipe 
    [ |stats count(a) as a
    | eval empty=if(isnum(a),"0", "a")]

you would have to add the append to for each category a, b, c... etc

sriky · ‎07-18-2018

if i try to add append for each category i am getting error as Error in 'appendpipe' command: The last argument must be a subsearch.

aaaa@gmail.com | appendpipe [stats count as 1] OR ccc@gmail.com| appendpipe [stats count as 2]

CarsonZa · ‎07-18-2018

each append needs to be closed by "]". that closes the statement but you have a random OR in there

skoelpin · ‎07-17-2018

You will need to do a sub search and append the results onto the first search

sriky · ‎07-17-2018

Hi, Could you please show me some examples?

How to return or display the value that is being searched and if not coming in the search results