Remove mulitple values from a multivalue field

Hygiene
Azeemering
You already voted!

This Splunk search is an example on how to remove unwanted values from multivalue fields using mvfilter.

| gentimes start=-1 | eval field1="pink,fluffy,unicorns" | table field1 | makemv field1 delim="," | eval field1_filtered=mvfilter(NOT match(field1,"pink") AND NOT match(field1,"fluffy"))

Share This:

Tagged: spl multi value field mvfilter

Leave A Comment? Click here to cancel reply.

Newest | Active

Борис

Active 2 hours, 7 minutes ago
Sanjai

Active 5 days, 17 hours ago
bewafaha

Active 1 week, 1 day ago
sadloveshayari

Active 1 week, 2 days ago
hivatatt

Active 1 week, 6 days ago