Hello,
I'm new to Splunk, so please pardon me if this is too easy of a question. I'm trying to list attempted operation vs. passed operation and categorize it by apps. Below is the search that I have:
index="cts-test-app" source=*PERF* | rex "DN: (?<ConsumingApp>.*?)[}\s]" | stats count(eval(searchmatch("GET /Refid"))) AS "Attempted" count(eval(searchmatch("POST /refid"))) AS "Passed"
Now, for both operations, there could be another string indicator. Essentially I want to insert an OR operation, something like this:
index="cts-test-app" source=*PERF* | rex "DN: (?<ConsumingApp>.*?)[}\s]" | stats count(eval(searchmatch(**"GET /Refid" OR "GET /SomeId"**))) AS "Attempted" count(eval(searchmatch(**"POST /refid" OR "POST /SomeId"**))) AS "Passed"
Is there a way to do this with searchmatch? If not, can this search be rewritten in a way that would achieve this objective?
Any help will be much appreciated.