Hi Everyone,

I have one requirement.

I am creating one alert and the query is below:

index=abc ns=blazepsfpublish "NullPointerException" | rex "message=(?<ExceptionMessage>[^\n]+)"|dedup ExceptionMessage,ns|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")|table app_name, ExceptionMessage ,_time, environment, pod_name,ns|rename app_name as APP_NAME, _time as Time, environment as Environment, pod_name as Pod_Name

My requirement is that I have multiple 6-7 ns and I want to include them in same query rather then appending.

Can someone guide me on this .

Below are my ns names:

sidh-datagraph

datagraph

etc

How can I include all ns   in single query