Here’s the scenario:
I have a rest call that pulls in csv data, translates it into kv pairs, but now I want to filter out events where a certain field (non-indexed) are equal to a certain value.

One technique, use Regex Extract(), Eval() or a Parser() to pull the data into an internal (double underscore field)

• Function to pull data out
• Drop function matching on that extracted field

There are several ways to accomplish this. This example details one.