Splunk Search

Help Combining 2 regex searches

ssehgal
Explorer

Hi,
I have been trying to combine these two searches together. Can someone please help combine them?

first search: index=pci_hpd_index device_id=FGT* | regex log_id="4454[4-7]"

second search: index=pci_hpd_index device_id=FGT* | regex log_id="32[0-5][0-4][0-9]"


martin_mueller
SplunkTrust

If by combine you mean find events matching at least one of the regular expressions, use the pipe symbol to get a regex "or":

... | regex log_id="(4454[4-7])|(32[0-5][0-4][0-9])"

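The combined pattern from the answer above, checked in Python as an added example that is not part of the original thread. `re.search` stands in for the unanchored matching of the `regex` command; the sample log_id values and the anchored variant (which assumes five-digit IDs) are constructed for illustration.

```python
import re

# Patterns copied from the thread.
FIRST = r"4454[4-7]"
SECOND = r"32[0-5][0-4][0-9]"
COMBINED = r"(4454[4-7])|(32[0-5][0-4][0-9])"
# Assumption (not from the thread): log_id is exactly five digits, so the
# pattern can be anchored to reject longer values that merely contain an ID.
ANCHORED = r"^(?:4454[4-7]|32[0-5][0-4][0-9])$"


def keep(pattern, log_id):
    """Mimic `| regex log_id="<pattern>"`: unanchored match, keep on a hit."""
    return re.search(pattern, log_id) is not None


def accepted_ids(pattern):
    """Every five-digit log_id that the pattern keeps."""
    ids = (f"{n:05d}" for n in range(100000))
    return {i for i in ids if keep(pattern, i)}


def second_pattern_gaps():
    """IDs from 32000 to 32549 that the per-digit classes do not cover."""
    hits = accepted_ids(SECOND)
    return [str(n) for n in range(32000, 32550) if str(n) not in hits]


if __name__ == "__main__":
    # The alternation keeps exactly the union of the two original searches.
    union = accepted_ids(FIRST) | accepted_ids(SECOND)
    print("combined == union:", accepted_ids(COMBINED) == union)
    print("IDs kept:", len(union))

    # Each character class constrains one digit, so the second pattern is
    # not a contiguous range: 32050-32099, 32150-32199, ... are skipped.
    gaps = second_pattern_gaps()
    print("first skipped ID:", gaps[0], "skipped in total:", len(gaps))

    # Constructed sample values: the unanchored pattern also keeps longer
    # values that contain a listed ID, the anchored one does not.
    for sample in ["44545", "32001", "32050", "0100032001", "144545"]:
        print(sample, keep(COMBINED, sample), keep(ANCHORED, sample))
```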


ssehgal
Explorer

Thanks, that helped a lot. It works now.
