Splunk Search

How to remove certain values from table column?


I have a extracted a field, which has mutiple values

applname = app1, app2 , app3

when i form a table with applname column it lists all the app names. But i need only app2 and app3, Not app1

How do i remove only app1 from table

0 Karma


It depends on what distinguishes app1 from the other apps. Check the mvfilter and mvindex functions.

If this reply helps you, an upvote would be appreciated.
0 Karma