I have 4 strings which are inside these tags OrderMessage 1) "Missed Delivery cut-off, Redated to <>" 2) "Existing account, Changed phone from <> to <>" 3) "Flagged as HLD" 4) "Flagged as FRD" The date and phone number will be different but the string will be fixed each time. So I need a search which brings back a timechart count of how many times this string is logged. My current search brings back 3 of these strings but does not include the last one. I need the last "Flagged as FRD" string to be counted. index="uvtrans" "<a:OrderMessage>*</a:OrderMessage>" NOT "<a:OrderMessage>OK</a:OrderMessage>" | rex "\<a:OrderMessage\>(?P<Phrase>.*?)\<V\a:OrderMessage\>" | eval Phrase=case( match(Phrase,"Missed Delivery cut-off, Redated to"), "Missed Delivery cut-off, Redated to <<Date>>", match(Phrase,"Existing account, Changed phone from "), "Existing account, Changed phone from <<PhoneNumber>> to <<PhoneNumber>>", match(Phrase, "Customer Master flagged as HLD."), "Flagged as HLD", match(Phrase,"Customer Master flagged as FRD."), "Flagged as FRD") | timechart span=1week count by Phrase ... View more

I currently have a 4 different phrases which are between the fixed words "a:OrderMessage and a/:OrderMessage" . I have 1 phrase " Missed Delivery cut-off, Redated to 02/04/15 " but this has many different dates. I need a regex which counts the number of different phrases and creates a timechart showing a weekly count of them. My current search.. This counts each phrase with a different date as an independent event rather than the same one index="uvtrans" "<a:OrderMessage>*</a:OrderMessage>" NOT "<a:OrderMessage>OK</a:OrderMessage>" | rex "\<a:OrderMessage\>(?P<Phrase>.*?)\<\/a:OrderMessage\>" | timechart span=1week count by Phrase Example " Missed Delivery cut-off, Redated to 01/18/15 " " Missed Delivery cut-off, Redated to 02/04/15 " " Existing account, Changed phone from 1111111111 to 2222222222 " (2) Missed Delivery cut-off, Redated to (1) Existing account, Changed phone from ... View more

I have 61 events which have a string between ''and '' There's 3-4 different phrases that go between those 2 fixed strings. So I need a regular expression which can pick up whatever phrase is between ''and ''. Example: <a:OrderMessage>Missed Delivery cut-off, Redated</a:OrderMessage> Phrase = "Missed Delivery cut-off, Redated" ... View more

I have this string.. <a:StatusMessage i:nil="true"></a:StatusMessage> I have millions of these strings which do not have anything between the 2 tags.. Now there are maybe a hundred of those strings that have something between those two tag,s but I don't remember what it was. How can I write a search to exclude all results that have nothing between the 2 tags and include results that have something between the tags? Example: I'm looking for something like this where it says EXCEPTION <a:StatusMessage i:nil="true">EXCEPTION</a:StatusMessage> ... View more

I currently have a dashboard with 24 panels on it. I went ahead and set each report/panel to accelerated and also put it in fast mode. All of the panels are set for 'Year to Date' and some of the panels will have more than 50 million matches each. So will the accelerated searching cache the historic data so it's faster to load that dashboard later? If accelerated searching does cache my historic data, then would I have to wait for the data to be 100% loaded for it to be successfully cached or could it be partially loaded then come back to it later and have what was cached so far? ... View more