topic Re: How to add two filter criteria in one search query in Dashboards & Visualizations https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-two-filter-criteria-in-one-search-query/m-p/522975#M35331 <LI-CODE lang="markup">index=abc ns=xyz app_name=sd "ARC EVENT RECEIVED FROM SOURCE" OR "ARC SUCCESSFULLY UPDATED RESPONSE BACK TO SOURCE OR SF"| rex "RID:(?&lt;RID&gt;(\w+-){4}\w+)-(?&lt;sourceagent&gt;\w+-\w+)" | stats count, by sourceagent,RID | rename sourceagent as "Source"|fields RID Source</LI-CODE> Mon, 05 Oct 2020 12:11:35 GMT ITWhisperer 2020-10-05T12:11:35Z How to add two filter criteria in one search query https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-two-filter-criteria-in-one-search-query/m-p/522959#M35328 <P>Hi Everyone,</P><P>I have two search queries with two filter criteria's&nbsp;</P><P>1st query:</P><P>index=abc ns=xyz app_name=sd "ARC EVENT RECEIVED FROM SOURCE"| rex "RID:(?&lt;RID&gt;(\w+-){4}\w+)-(?&lt;sourceagent&gt;\w+-\w+)"<BR />| stats count, by sourceagent,RID<BR />| rename sourceagent as "Source"|fields RID Source</P><P>2nd query</P><P>index=abc ns=xyz app_name=sd"ARC SUCCESSFULLY UPDATED RESPONSE BACK TO SOURCE OR SF"| rex "RID:(?&lt;RID&gt;(\w+-){4}\w+)-(?&lt;sourceagent&gt;\w+-\w+)"<BR />| stats count, by sourceagent,RID<BR />| rename sourceagent as "Source"|fields RID Source</P><P>Since the search is same for both only the filter criteria is different like&nbsp;"ARC EVENT RECEIVED FROM SOURCE" and&nbsp;"ARC SUCCESSFULLY UPDATED RESPONSE BACK TO SOURCE OR SF".</P><P>How can I make it a single query with two filter criteria.</P><P>Can someone guide me on that.</P> Mon, 05 Oct 2020 11:34:04 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-two-filter-criteria-in-one-search-query/m-p/522959#M35328 aditsss 2020-10-05T11:34:04Z Re: How to add two filter criteria in one search query https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-two-filter-criteria-in-one-search-query/m-p/522975#M35331 <LI-CODE lang="markup">index=abc ns=xyz app_name=sd "ARC EVENT RECEIVED FROM SOURCE" OR "ARC SUCCESSFULLY UPDATED RESPONSE BACK TO SOURCE OR SF"| rex "RID:(?&lt;RID&gt;(\w+-){4}\w+)-(?&lt;sourceagent&gt;\w+-\w+)" | stats count, by sourceagent,RID | rename sourceagent as "Source"|fields RID Source</LI-CODE> Mon, 05 Oct 2020 12:11:35 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-two-filter-criteria-in-one-search-query/m-p/522975#M35331 ITWhisperer 2020-10-05T12:11:35Z