This is where you will want to use the 'where' command:
http://docs.splunk.com/Documentation/Splunk/7.1.2/SearchReference/Where
Inequalities (such as '<' and '>') cannot be used with the 'search' command, but they can be used with 'where'.
<initial_search> | where (OverallAvgNetworkMOS < 3.5 AND isnotnull(OverallAvgNetworkMOS))
OR (Stream_1_PacketLossRate > 0.1 AND isnotnull(Stream_1_PacketLossRate))
OR (Stream_2_PacketLossRate > 0.1 AND isnotnull(Stream_2_PacketLossRate))
OR (Stream_1_RoundTrip > 500 AND isnotnull(Stream_1_RoundTrip))
OR (Stream_2_RoundTrip > 500 AND isnotnull(Stream_2_RoundTrip))
OR (Stream_1_JitterInterArrival > 30 AND isnotnull(Stream_1_JitterInterArrival))
OR (Stream_2_JitterInterArrival > 30 AND isnotnull(Stream_2_JitterInterArrival))
| table StartTime, EndTime, MediaTypesDescription, FromUri, ToUri, FromIPAddr, ToIPAddr, Stream_1_PacketLossRate, Stream_1_RoundTrip, Stream_1_JitterInterArrival, Stream_2_PacketLossRate, Stream_2_RoundTrip, Stream_2_JitterInterArrival, OverallAvgNetworkMOS
One thing to point out: that is an awful lot of 'OR' statements. Be sure the statement that is most likely to evaluate as true is first. Also, I don't believe you need the isnotnull statements. For example, if Stream_2_JitterInterArrival is greater than 30, how can the value be null? Test it out and see what you think.
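One way to run the test suggested in the answer above, as an added example that is not part of the original post: this search builds four constructed rows (fields left unset by `case()` are null) and evaluates the same condition with and without the `isnotnull()` guards, so the two result columns can be compared side by side. The field names `n`, `note`, `with_check` and `without_check` are made up for this example, and only two of the answer's fields are used to keep it short.

```spl
| makeresults count=4
| streamstats count AS n
| eval note="constructed sample rows, not real call data"
| eval OverallAvgNetworkMOS=case(n=1, 3.0, n=2, 4.2, n=3, 4.2)
| eval Stream_1_RoundTrip=case(n=1, 100, n=2, 650, n=4, 100)
| eval with_check=if((OverallAvgNetworkMOS < 3.5 AND isnotnull(OverallAvgNetworkMOS)) OR (Stream_1_RoundTrip > 500 AND isnotnull(Stream_1_RoundTrip)), "keep", "drop")
| eval without_check=if(OverallAvgNetworkMOS < 3.5 OR Stream_1_RoundTrip > 500, "keep", "drop")
| table n, note, OverallAvgNetworkMOS, Stream_1_RoundTrip, with_check, without_check
```

Rows 3 and 4 each have one null field; if `with_check` and `without_check` agree on every row, the guards add nothing to the filter.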