I am trying to exclude results from a set of data from an XML data source.
I can search for events containing the particular string, but when I change the search to "does not equal" it returns no results at all.
In this example, I want to exclude "Card 3 Total Modems", but Splunk shows no results if I change it or if I click on the field and select "exclude results."
![alt text][1]
```
source="C:\\Users\\evanr\\splunk\final.xml" host="OSSTEST01" index="prtg_api_cmts" sourcetype="prtg_api" | search "group{@name}"="Twin Valley CMTS" | table _time, group{@name}, group.sensor{@name}, group.sensor.value
```
[1]: /storage/temp/161203-xml-search.png