Can we put or in 2 regex conditions?
If no, is there any alternative?
for example
index = idx1 | regex name = ^Aa or id = ^101
If I follow your question it should just be a matter of crafting your expression properly simple example:
index = idx1 | regex name="\w|\d"
Should return results where the value of the field called name is a word or digit character
View solution in original post
Can we use upper function also to make the regular expression search case insensitive or is there any other way ?
Yes, you should be able to use any valid PCRE. Splunk's documentation can explain this much better than I: http://docs.splunk.com/Documentation/Splunk/6.3.0/Knowledge/AboutSplunkregularexpressions
