Splunk Search

Can we put or in 2 regex conditions

aashish_122001
Explorer

Can we put or in 2 regex conditions?

If no, is there any alternative?

For example:

index = idx1 | regex name = ^Aa or id = ^101

0 Karma
1 Solution

mtranchita
Communicator

If I follow your question, it should just be a matter of crafting your expression properly.
Simple example:

index = idx1 | regex name="\w|\d"

Should return results where the value of the field called name is a word or digit character.

0 Karma

aashish_122001
Explorer

Can we also use the upper function to make the regular expression search case-insensitive, or is there any other way?

0 Karma

mtranchita
Communicator

Yes, you should be able to use any valid PCRE.
Splunk's documentation can explain this much better than I:
http://docs.splunk.com/Documentation/Splunk/6.3.0/Knowledge/AboutSplunkregularexpressions

0 Karma
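
An added example, not part of the original posts: the `regex` command filters on a single field (or `_raw`) per invocation, so an OR across two different fields can be written with `where` and the `match()` eval function, and the inline `(?i)` flag makes a pattern case-insensitive. The four rows are constructed sample data using the field names from the question; against real data, the first four lines would be replaced by `index=idx1`.

```spl
| makeresults count=4
| streamstats count AS n
| eval name=case(n=1,"Aaron", n=2,"aardvark", n=3,"Bob", n=4,"Carol")
| eval id=case(n=1,"2001", n=2,"3002", n=3,"1017", n=4,"4004")
| where match(name, "(?i)^Aa") OR match(id, "^101")
| table n name id
```

Rows 1 and 2 are kept by the case-insensitive name pattern, row 3 by the id pattern, and row 4 is dropped.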