Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Multiple where values

ashishlal82
Explorer
‎08-25-2016 10:45 AM

how can I use multiple values in where clause

for ex:index=xyz sourcetype=abc | dedup name | where name="2009-2274" 2009-2271"

This is giving me an error, can I use OR clause to get field values for the above mentioned values

Tags (2)
0 Karma
Reply

DalJeanis
Legend
‎02-28-2017 12:33 PM

Yes, you can use OR. The actual issue there is probably that you are missing the word OR and missing a quote before the value 2009-2271.

0 Karma
Reply

jbanerje
Explorer
‎02-28-2017 08:24 AM

Multiple conditions can be checked by the where clause as shown below :

| inputlookup test.csv | where like(field1, "IP") and not like(field2, "Pass")

0 Karma
Reply

sundareshr
Legend
‎08-25-2016 10:49 AM

Yes, you can use OR, like this where name="abc" OR name="xyz" OR you can use ... | search name="abc" OR name="xyz". Having said that, you should always try to reduce as much as you can in the first (implicit) search command in terms of efficiency. So I would change your query to 

index=xyz sourcetype=abc (name="2009-2274" OR name="2009-2271") | dedup name
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...