Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

Splunk search help -- output data should match sets of keywords

dantimola
Communicator
โ€Ž09-21-2017 09:33 PM

Hi, Fellow Splunkers,

Had post a question this past few days about matching 2 words or more ( https://answers.splunk.com/answers/577564/splunk-search-help-output-data-should-match-2-or-m.html), however, this case is working if you have to match 1 word only, my problem is that I have to match 3 sets of words for my output. For example:

case 1: Apple Banana Cupcake
case 2: foo1 foo2 foo3
case 3: food drinks people

Field = The Apple and Banana are fruit (matched word are in case 1: Apple and Banana)

Can I possibly do this in Splunk search? Thanks in advance.

Tags (3)
0 Karma
Reply

inventsekar
Champion
โ€Ž09-21-2017 10:24 PM

not sure of "my problem is that I have to match 3 sets of words for my output",
but if the query words can be searched together..

  .....| rex "(?i)(?Apple|Banana|Cupcake|foo1|foo2|foo3|food|drinks|people)" max_match=0

       | where mvcount(matchword)>1

0 Karma
Reply