Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Limitation on number of boolean clauses within search string

jcart11entergy
Engager
‎08-17-2018 09:14 AM

Is there a limitation on the number of search boolean clauses (i.e. OR, AND) within a search string?

For example | search 'user1' OR 'user2' OR 'user3' OR ... 'user180'

It seems like the color of OR changes from orange to black after a certain number.

(I know need to figure out a way to shorten string due to blah, blah..)

0 Karma
Reply

horsefez
Motivator
‎08-18-2018 12:39 AM

@jcart11entergy

I don't think there is a limit of boolean clauses you will reach easily. After a while the "syntax highlighting function" simply gives up to highlight the "OR" 's appropriately.

But you really need to figure out a way to shorten the string.
I already found a solution for you. Lookup Tables!

http://docs.splunk.com/Documentation/Splunk/7.1.2/SearchReference/Lookup

0 Karma
Reply
Get Updates on the Splunk Community!

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...