We have updated our Terms of Service, Code of Conduct, and Addendum.

How would I go about filtering out events where a field is equal to a certain value?

Tony Reinke - Cribl
Tony Reinke - Cribl Posts: 134 admin
in Stream

Here's the scenario:

I have a rest call that pulls in csv data, translates it into kv pairs, but now I want to filter out events where a certain field (non-indexed) are equal to a certain value.

Tagged:

Best Answer

  • pie
    pie Posts: 22 ✭✭
    Answer ✓

    One technique, use Regex Extract(), Eval() or a Parser() to pull the data into an internal (double underscore field)

    • Function to pull data out
    • Drop function matching on that extracted field

    There are several ways to accomplish this. This example details one.

Answers

  • pie
    pie Posts: 22 ✭✭
    Answer ✓

    One technique, use Regex Extract(), Eval() or a Parser() to pull the data into an internal (double underscore field)

    • Function to pull data out
    • Drop function matching on that extracted field

    There are several ways to accomplish this. This example details one.

Categories