Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Search multi-valued field with specific values

vjajula
Engager
‎10-12-2021 05:42 PM

Hi All,

Can someone help me with the following

 ColY represents multi-value field. I want to search all rows which have null, 0 and someother values in ColY

Based on the below example output rows should be for A123456, A123461 

ColXColY
A123456null
0
56789
987654
A1234574332
A12345854322
0
A123459

null

0

A1234602345667
7665443
A123461

null

788765

0

A123462

876543

null

 

 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎10-12-2021 06:22 PM

Hi @vjajula 

You can try search command,

<your base search> | search coIY=null AND coIy=0

 --

An upvote would be appreciated if this reply helps!

View solution in original post

Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎10-12-2021 06:22 PM

Hi @vjajula 

You can try search command,

<your base search> | search coIY=null AND coIy=0

 --

An upvote would be appreciated if this reply helps!

Reply
Solved! Jump to solution

vjajula
Engager
‎10-12-2021 06:36 PM

Thanks for the solution. This is perfect

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...