In in my host field I have several different addresses, 4 of these addresses are from Location1 and the rest are from Location2. I have constructed the below query to look for the matching addresses within the host fields and assign Location1 to those that match. I can't seem to look for the addresses I want to find in one match statement and the results from the query below, although correct, are a bit messy. Is is possible to use an OR statement within a match or is there another way of going about this?
index=serverapps | eval Loc=if((match(host,"12.34.56.78*")),"Location1","Location2") | eval Loc1=if((match(host,"12.345.67.*")),"Location1","Location2") | stats count by host,Loc,Loc1
... View more