Basically I have a search from multiple different sources with lots of raw rex field extractions and transactions and evals. Is it possible to filter out the results after all of those?
E.g., only show results which fulfil ANY of the below criteria:
If eventcount>2 AND field1=somevaluehere
OR If eventcount>5 AND field1=anothervaluehere
OR If field2!=null()
I'm wondering if this can be done after all the search, rex, transaction, eval and all.