Function to include rows if they follow any rule described below
This function ignores events if the specified field does not match the specified value. Events that don't match the condition will be lost. You can set multiple fields for filtering at once.
The function parameters specify the field, the comparison type ("equal", "do not equal"," are blank"," are not blank"," contain"," do not contain"," greater than"," greater than or equals to"," less than"," less than or equals to"," regexp"), and the value.
When you select the "regexp" comparison type, you can specify the regular expression that the specified field should match. If it does not match the specified expression, the event will be ignored
For example, there is a list of events that contain the consumed traffic and the system from which this traffic came. We only need to get traffic from a system named 'Web'. Set field Name = 'systemName', Filter Type = 'equal', Value = 'Web' in the function parameters. As a result, we get a list of events that have the 'systemName' equals 'Web'.
Updated about 1 year ago