Answer by warren for Regex Search for absence of a string inside a string multiline

Posted on 5 December 2023

You need to look into mvfilter – once the data is in multivalue fields in Splunk, you can do something like the following:

| eval missing_item_list = mvfilter(!match(full_list,"bb"))

from User warren – Stack Overflow https://stackoverflow.com/questions/77579583/regex-search-for-absence-of-a-string-inside-a-string-multiline/77607025#77607025
via IFTTT

merikebi

warrenmyers.com