How do I write a search to filter out certain valu...

asarran · ‎08-04-2016

Hey Fellow Splunkers

I have an issue when searching for similar events that are only unique by one character.

Example: (L= lbs G=Grams)

Vegetables=5.1Lbs
Vegetables=2.1Gbs

Giving this example, If I search for Vegetable="*", it will populate both:

Vegetables=5.1Lbs
Vegetables=2.1Gbs

How can I search Vegetables="" and have it only populate:

Vegetables=2.1Gbs
Vegetables=9.2Gbs
Vegetables=4.3Gbs
Vegetables=3.5Gbs
Vegetables=2.8Gbs

Basically, i would like the emphasis of the search solely specifically with Vegetables, but only populate the events with "Gbs", not "Lbs"?

sundareshr · ‎08-04-2016

If you want to only return Gbs, try vegetables="*Gbs" OR NOT vegetable="*Lbs" (to catch everything except Lbs)

asarran · ‎08-04-2016

Thank You, i didn't realize how simple that was lol. I'm sorry.

sundareshr · ‎08-04-2016

Happens to all of us 🙂 If this worked for you, please accept the answer to close it out.

How do I write a search to filter out certain values for a field?