Hello all,
Fairly new to Splunk and have a question.
I am trying to build what seemed like a fairly simple tool but I can't get it to work correctly. I need to search on two different text input values and find results where either value is present. The tricky part is that I don't want to search a field if it's blank.
If I do:
"" *
....(Field1=$value1$ OR Field2=$value2$)
Splunk returns results for all values in either field that is left null. I need to be able to not search at all on either one of these values if they are left null. Thanks in advance!