Solved: How to combine multiple search raw strings in a si...

rkishoreqa · ‎02-05-2021

Hi,

I need to do search with multiple raw strings within a single query. When I search these strings separately, I am able to get the results. But when I combine these it is not giving the results and ending with 'No results found'.

The below three queries are working fine.

sourcetype="States*" *Karnataka*
sourcetype="States*" *Tamil Nadu*
sourcetype="States*" *Mumbai*

When I execute the below query I am getting 'No results found' comment.

sourcetype="States*" *Karnataka* *Tamil Nadu* *Mumbai*

Can anyone through some light on this, thanks in advance.

richgalloway · ‎02-05-2021

SPL inserts an implicit AND between each search term. To search for optional terms, insert an explicit OR.

sourcetype="States*" ("*Karnataka*" OR "*Tamil Nadu*" OR "*Mumbai*")

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎02-05-2021

SPL inserts an implicit AND between each search term. To search for optional terms, insert an explicit OR.

sourcetype="States*" ("*Karnataka*" OR "*Tamil Nadu*" OR "*Mumbai*")

---
If this reply helps you, Karma would be appreciated.

saravanan90 · ‎02-05-2021

Please use "OR" inbetween the searches..

sourcetype="States*" (*Karnataka* OR *Tamil Nadu* OR *Mumbai*)

How to combine multiple search raw strings in a single query

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation