Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

is there an 'ISIN' function ins splunk?

ccfenix
New Member
‎07-11-2014 01:32 AM

Hi,

in some table-oriented programming languages, there is an 'isin' function which returns true if the input is in a given set e.g. in python pandas we can do

country.isin(['UK', 'USA', 'FR', 'JP'])

is there something like this in splunk?

ISIN(country, ['UK', 'USA', 'FR', 'JP'])

thanks a lot!

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎07-11-2014 03:43 AM

Subsearches mimic this behaviour by building OR'd chains. Assume your list is stored in a lookup, then you can do this:

some search stuff [inputlookup country_list | fields country]

That'll build an OR'd list for each row in the lookup, for your example country=UK OR country=USA OR country=FR OR country=JP.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...