Apologies for replying late as I am doing some other works also.. based on your above given query it is running but showing all the columns where you have mentioned only ABN column and secondly now If i am running your first query that you gave me in starting [index=sand_box sourcetype="sc-kofax-extracts" $supplier name$=* $supplier address$=* $VAT Reg.$=* | eval VATlen=len(ABN) | where VATlen>11 OR NOT isnum(ABN)] now it is giving me result "no result found".. Do you have any idea why this happening with both queries?

Regards
Ankit

Forget about the first answer (I just deleted it); it was full of conjecture and was rendered irrelevant by your clarification. If you need just those 3 fields, you can do this:

    index=sand_box sourcetype="sc-kofax-extracts" | table SupplierName SupplierAddress ABN

it is the tab delimited file from where splunk taking values so It is taking some null values as well as in some columns there is no values and only (|) sign are there so could you please give me some idea that how to avoid null values in table?

Regards
Ankit

Hey.. I got the data exactly I want so once again thanks to you but there is one little problem with the query

index=sand_box sourcetype="sc-kofax-extracts" | table SupplierName SupplierAddress ABN | stats values(*) as * by SupplierName, SupplierAddress | eval VATlen=len(ABN) | where VATlen>11 OR NOT isnum(ABN)

I am using above given query when i am executing it, it is showing the supplier whom ABN no. less than 11 digit but still one supplier is showing in result with 11 digit numeric number so do you have any idea why it is showing that supplier?

Thanks & Regards
Ankit

It must be because there is leading or trailing whitespace around it, which will cause the isnum check to fail.

thanks .. I will dig it into it..

Regards
Ankit