If I follow your question, it should just be a matter of crafting your expression properly.
Simple example:
index = idx1 | regex name="\w|\d"
Should return results where the value of the field called name is a word or digit character.
Can we also use the upper function to make the regular expression search case-insensitive, or is there any other way?
Yes, you should be able to use any valid PCRE.
Splunk's documentation can explain this much better than I:
http://docs.splunk.com/Documentation/Splunk/6.3.0/Knowledge/AboutSplunkregularexpressions