Splunk Enterprise

is there an 'ISIN' function ins splunk?

ccfenix
New Member

Hi,

in some table-oriented programming languages, there is an 'isin' function which returns true if the input is in a given set e.g. in python pandas we can do

country.isin(['UK', 'USA', 'FR', 'JP'])

is there something like this in splunk?

ISIN(country, ['UK', 'USA', 'FR', 'JP'])

thanks a lot!

Tags (1)
0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Subsearches mimic this behaviour by building OR'd chains. Assume your list is stored in a lookup, then you can do this:

some search stuff [inputlookup country_list | fields country]

That'll build an OR'd list for each row in the lookup, for your example country=UK OR country=USA OR country=FR OR country=JP.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...