I would like to remove multiple values from a multi-value field.
Example:
field_multivalue = pink,fluffy,unicorns
Remove pink and fluffy so that:
field_multivalue = unicorns
I am thinking maybe:
| stats values(field1) AS field_multivalue by field2 | mvfilter
OR
| stats values(field1) AS field_multivalue by field2 | mvexpand field_multivalue | search field_multivalue!="pink" field_multivalue!="fluffy" | mvcombine field_multivalue
How would you recommend doing this? The list of values to filter out is over a dozen.
↧