Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to exclude a list of values for a field?

jundai
Explorer
‎05-17-2012 08:35 PM

Is there a shorthand for:

host=SOMEENV* Type=Error NOT EventCode=1234 NOT EventCode=2345 NOT EventCode=3456 NOT EventCode=4567 NOT EventCode=5678 NOT EventCode=6789 NOT EventCode=7890

Basically, I'm looking for something like:

host=SOMEENV* Type=Error NOT EventCode IN (1234, 2345, 3456, 4567, 5678, 6789, 7890)

but of course that doesn't work 🙂

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

Damien_Dallimor
Ultra Champion
‎05-17-2012 09:02 PM 
host=SOMEENV* Type=Error NOT (EventCode=1234 OR EventCode=2345 OR EventCode=3456 OR EventCode=4567 OR EventCode=5678 OR EventCode=6789 OR EventCode=7890 )

View solution in original post

Reply
Solved! Jump to solution

AndyMarr
Explorer
‎09-18-2018 10:19 AM

Better to use the...NOT EventCode IN...listed in one of the other answers below

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...