Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk search help -- output data should match sets of keywords

dantimola
Communicator
‎09-21-2017 09:33 PM

Hi, Fellow Splunkers,

Had post a question this past few days about matching 2 words or more ( https://answers.splunk.com/answers/577564/splunk-search-help-output-data-should-match-2-or-m.html), however, this case is working if you have to match 1 word only, my problem is that I have to match 3 sets of words for my output. For example:

case 1: Apple Banana Cupcake
case 2: foo1 foo2 foo3
case 3: food drinks people

Field = The Apple and Banana are fruit (matched word are in case 1: Apple and Banana)

Can I possibly do this in Splunk search? Thanks in advance.

Tags (3)
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎09-21-2017 10:24 PM

not sure of "my problem is that I have to match 3 sets of words for my output",
but if the query words can be searched together..

  .....| rex "(?i)(?Apple|Banana|Cupcake|foo1|foo2|foo3|food|drinks|people)" max_match=0

       | where mvcount(matchword)>1

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...
Top