Update#2- per latest comment
index=hdx_payer sourcetype=hdx_payer_receive_logs | regex _raw="(AAA.*Y.*42.*|AAA.*Y.*80.*)"
index=hdx_payer sourcetype=hdx_payer_receive_logs | regex _raw="(AAA.Y..42.*|AAA.Y..80.*)"
I tried that. Here is the error I got:
Error in 'SearchOperator:regex': The regex '(AAAY42|AAAY80)' is invalid. Regex: nothing to repeat
Sorry, I was not clear.
How I'm trying to search for AAAY41 and AAAY**80 in a log file. I have to regex around both of these. I'm having trouble getting the two regex's into one search.
You'll get much better help if you clarify a number of things.
What does the
* mean in your question? It doesn't seem to be the regular expression
*. Your example has
Y** which isn't a valid regex due to the two
* in a row (that's what's causing the "nothing to repeat" error).
It would help a lot if you gave example of the things you want to match.
Also, you need to confirm if you want both your patterns to match or either. Is this an AND or an OR that you want?
Sorry for the confusion. Our files contain what are called triple A errors. For this question there are two AAA errors that are showing up in a file. They are AAAY41 and AAAY80. The asterix you see are delimiters in the files. That is exactly how the AAA error looks. I'm not using the asterix as wide cards. I know I have to regex around them, I'm having trouble adding two AAA errors into one search. I'm looking for AAA*Y41 OR AAAY*80. I want to find them both. Thanks.