How to write filter in tshark to get only data I need?

edit

If I understand correctly #N syntax e.g. #2 should display second occurrence if there are multiple options. I have captured many files and I see the number of occurrences differ. I can never say like second occurrence is the data I want.

Actually what I would like to have is display such drda.param.data.ebcdic where immediate before parameter value is drda.param.codepoint == 0x11a1.

Yes, sure Lau script would be nice, but I have never even heard about Lua language, so my knowledge is null.

Sample capture on the Wireshark wiki: drda_db2_sample.tgz
(It's a pcap inside a tar inside a gzip)
For drda.param.codepoint in {0x2110, 0x11a1, 0x11a0} you would like drda.param.codepoint and drda.param.data.ebcdic ?

For the sample capture mentioned above, this is the output with Lua script to extract EBCDIC data for a list of specific codepoints
(ignore -C Guacamole - Default profile is hosed at the moment)

p$ tshark -C Guacamole -r drda_db2_sample.cap -T json -e easypost.data_ebcdic -Y "drda.param.codepoint == 0x11a1"
[
  {
    "_index": "packets-2007-04-02",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "easypost.data_ebcdic": [
          "MYDB2DB           ",
          "MYUSER",
          "MYUSER",
          "MYDB2DB           "
        ]
      }
    }
  }
]
p$

I checked the DRDA sample from Wireshark samples and I see you have one entry too much in output. In this case in TCP packet there are two PDUs. I only need data from SECCHK PDU.

There is not a relationship between the drda.ddm.codepoint and drda.param.codepoint fields.

Code point: SECCHK (0x106e) - drda.ddm.codepoint
Code point: ACCRDB (0x2001) - drda.ddm.codepoint

Code point: SECMEC (0x11a2) - drda.param.codepoint
Code point: RDBNAM (0x2110) - drda.param.codepoint
Code point: USRID (0x11a0) - drda.param.codepoint
Code point: PASSWORD (0x11a1) - drda.param.codepoint

Are the parameters you're after always part of a SECMEC (0x11a2?
Or are they always in the same order - RDBNAM (0x2110), USRID (0x11a0), PASSWORD (0x11a1)?

Yes, parameters are always part of SECMEC (0x11a2). No, order of parameters RDBNAM (0x2110), USRID (0x11a0), PASSWORD (0x11a1 can be different and also other parameters may bi displayed inside this SECMEC section.