https://community.splunk.com/t5/Splunk-Search/multiple-searches-in-multiple-sourcetypes-resulting-in-a-single/m-p/202454#M176273 <P>I am not sure how befitting it is in your scenario but if Idea is just to avoid writing OR(s) between 50 patterns to search then can you try this:</P> <P>1) Make a csv file of all your pattern and upload it as a lookup say <CODE>patterns.csv</CODE> which has fieldname (say) <CODE>PatternField</CODE></P> <PRE><CODE>PatternField Login status is Account details flow for Apple Phone for user Id Payment status and Account details flow for Android Phone for user Id finger print status of User id Transfer account status </CODE></PRE> <P>After that use the below query to complete your search by replacing your sourcetype names for "A", "B", "C" and so on:</P> <P><CODE>sourcetype=A OR sourcetype=B OR sourcetype=C ([|inputlookup patterns.csv | fields PatternField | return 50 $PatternField ] )</CODE></P> <P>Hope this helps.</P> Mon, 07 Nov 2016 08:22:02 GMT gokadroid 2016-11-07T08:22:02Z https://community.splunk.com/t5/Splunk-Search/multiple-searches-in-multiple-sourcetypes-resulting-in-a-single/m-p/202453#M176272 <P>Below are the few patterns that I wanted to search from multiple sourcetypes and get the count. I have around 50 patterns. <BR /> Is the only way to write OR in between each search and get the counts in a single chart or is there any other better way.</P> <P>Login status is<BR /> Account details flow for Apple Phone for user Id XXXXXX<BR /> Payment status and XXXXX YYYYYYY <BR /> Account details flow for Android Phone for user Id XXXXXX<BR /> finger print status of User id YYYYY<BR /> Transfer account status ZZZZZZ AAAAAA</P> Wed, 02 Nov 2016 04:24:15 GMT https://community.splunk.com/t5/Splunk-Search/multiple-searches-in-multiple-sourcetypes-resulting-in-a-single/m-p/202453#M176272 sailey 2016-11-02T04:24:15Z https://community.splunk.com/t5/Splunk-Search/multiple-searches-in-multiple-sourcetypes-resulting-in-a-single/m-p/202454#M176273 <P>I am not sure how befitting it is in your scenario but if Idea is just to avoid writing OR(s) between 50 patterns to search then can you try this:</P> <P>1) Make a csv file of all your pattern and upload it as a lookup say <CODE>patterns.csv</CODE> which has fieldname (say) <CODE>PatternField</CODE></P> <PRE><CODE>PatternField Login status is Account details flow for Apple Phone for user Id Payment status and Account details flow for Android Phone for user Id finger print status of User id Transfer account status </CODE></PRE> <P>After that use the below query to complete your search by replacing your sourcetype names for "A", "B", "C" and so on:</P> <P><CODE>sourcetype=A OR sourcetype=B OR sourcetype=C ([|inputlookup patterns.csv | fields PatternField | return 50 $PatternField ] )</CODE></P> <P>Hope this helps.</P> Mon, 07 Nov 2016 08:22:02 GMT https://community.splunk.com/t5/Splunk-Search/multiple-searches-in-multiple-sourcetypes-resulting-in-a-single/m-p/202454#M176273 gokadroid 2016-11-07T08:22:02Z