Hi,
I want to use multiple REGEX in OR condition in a single search. For Ex:
REGEX 1: "VDL2PortPropSet.* : Failure" OR
REGEX 2: "Vpxa.*Copied" OR
REGEX 3: "opswitch.+ Failed to find netstack 'opswitch'"
How can I achieve this? Sorry if my question is repeated.
Please help.
You should be able to just put this in a single regex using the regex OR operator:
"VDL2PortPropSet.* : Failure|Vpxa.*Copied|opswitch.+ Failed to find netstack 'opswitch'"
I'll test this when I get to a system, but in the meantime give this a shot
For these simple examples you might even be fine without regex
at all to speed up the search:
index=foo sourcetype=bar ("VDL2PortPropSet* : Failure" OR "Vpxa*Copied" OR "opswitch* Failed to find netstack 'opswitch'") | rest of the search pipeline
Okey, that kind of search didn't work for me! Strange
Wildcard searches have been part of Splunk since forever.
Hi martin_mueller,
Thanks for your answer. This kind of search did not work for me. Is it supported from Splunk version 6.2.1? I am using 6.1.8
You should be able to just put this in a single regex using the regex OR operator:
"VDL2PortPropSet.* : Failure|Vpxa.*Copied|opswitch.+ Failed to find netstack 'opswitch'"
I'll test this when I get to a system, but in the meantime give this a shot
It worked ! Thank you very much
You're absolutely welcome