Say I have two searches on data sets which contain four fields [field1, field2, field3, field4], e.g.
[1,20,am,a]
[1,20,am,b]
[1,20,pm,b]
[1,20,pm,c]
Search 1: field1 = 1, field2 = 20, field3 = am will return [1,20,am,a] and [1,20,am,b]
Search 2: field1 = 1, field2 = 20, field3 = pm will return [1,20,pm, b] and [1,20,pm,c]
Yet I'm interested in field4 and those events with values of field4 exclusively in my first search, i.e. [1,2,am,a] in this case since field4=b is also presented in second search.
What would be an efficient way to do so? Thanks a lot!
... View more