I want to drop all logs who don't contain the dns.question.name field (or if the field is empty) how would i do this?
This issue against the (broken) best-practice document shows you how to test this in a way that works for all field types, including boolean.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.