×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
christi2019
New Member
Member since: ‎05-02-2019
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-02-2019
Activity Feed
View All

Re: Searchmatch with AND does not work

by in Splunk Search
‎05-02-2019 11:10 AM
‎05-02-2019 11:10 AM
thanks Niketnilay. ... View more

Searchmatch with AND does not work

by in Splunk Search
‎05-02-2019 08:24 AM
‎05-02-2019 08:24 AM
Notifications and ChangeNotifications present in both indices and I want to separate them by index type and count them. Looks like searchmatch with AND function seems not working.Is there better way to have these fields seperated by index type. index=service1 OR index=service2 */application/Notification OR */application/changeNotification | eval timeevents=case(searchmatch("Notifcations" AND "index=service1" ),"Service1NewNotification", searchmatch("Notifcations" AND "index=service2" ),"service2NewNotification", searchmatch("changeNotifications"AND "index=service1"), "service1newChangeNotifications", searchmatch("changeNotifications"AND "index=service2"), "service2newChangeNotifications", | stats count by index, timeevents ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM