Forum Discussion
browesec
Jul 20, 2020
Copper Contributor
KQL query: except where condition1, condition2, and condition3 all evaluate true
Hi Sentinel friends, I've googled and read through many guides and can't find an easy way to perform a multi-variable exclusion statement. I need to be able to exclude a result if multiple variab...
GreggLobdell
Feb 07, 2024
Copper Contributor
In the better late than never category. A slight miss on the Boolean logic. Never do a join if you can avoid it. This should work:
Table
| where Event == "12"
| where condition1 != 'x' or condition2 != 'y' or condition3 != 'z'
If any of the != conditions are true, then the where is true and the row will be included in the result.
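The filter from the reply above, run against constructed rows, as an added example that is not part of the original post. It puts the `or` form next to the equivalent `not(... and ...)` form and next to an `and` of the same inequalities, which also drops rows that match only one or two of the values; the `Sample` table, its rows and the `KeptBy*` column names are assumptions made for illustration.

```kql
// Constructed sample data; column names follow the placeholders used in the thread.
// Row 1 matches all three values and is the only row that should be excluded.
// Rows 2 and 3 match two and one of the values; row 4 matches none.
// Row 5 matches all three but has a different Event, so the first filter drops it.
let Sample = datatable(Event:string, condition1:string, condition2:string, condition3:string)
[
    "12", "x", "y", "z",
    "12", "x", "y", "q",
    "12", "x", "b", "c",
    "12", "a", "b", "c",
    "13", "x", "y", "z"
];
Sample
| where Event == "12"
// Evaluate each candidate filter as a boolean column instead of filtering,
// so the rows each one would keep can be compared side by side.
| extend
    KeptByOr  = condition1 != 'x' or condition2 != 'y' or condition3 != 'z',
    KeptByNot = not(condition1 == 'x' and condition2 == 'y' and condition3 == 'z'),
    KeptByAnd = condition1 != 'x' and condition2 != 'y' and condition3 != 'z'
| project condition1, condition2, condition3, KeptByOr, KeptByNot, KeptByAnd
```

In an analytics rule, the `and` variant hides every event that shares even one of the excluded values, so an exclusion written that way is worth checking against known-good sample rows before it is deployed.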