Thanks!
But your solution can't work with multiple patterns.
My patterns are in a lookup, and for every pattern, I have specific values in other fields.
The goal is to compare a lot of _raw with multiple patterns in my lookup for monitoring logs.
Does a Python library exist for using the searchmatch function? I could develop a custom command with it that would take a parameter for the searchmatch function, because this is not possible dynamically with Splunk core without using the map command.
My wish:
| makeresults | eval _raw="foo bar var"| eval different_pattern ="var OR test,foo AND bar,bar" | makemv different_pattern delim="," | mvexpand different_pattern_spl_format | eval result =if(searchmatch($different_pattern_spl_format_value$),"yes","no")
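An added example, not part of the original post and not Splunk's own `searchmatch` implementation: a simplified pure-Python matcher that evaluates each pattern from the post against `_raw` and returns the yes/no result per pattern. The function names are hypothetical, and the semantics are assumptions of this example: case-insensitive whole-word terms, upper-case `AND`/`OR`/`NOT`, adjacent terms treated as an implicit AND, AND binding tighter than OR, no parentheses.

```python
import re

# Tokens: "quoted phrases" or bare words; AND / OR / NOT (upper case) are operators.
TOKEN = re.compile(r'"[^"]*"|\S+')

def term_present(term, raw):
    """Case-insensitive whole-word (or whole-phrase) match of one term."""
    needle = re.escape(term.strip('"'))
    return re.search(rf"(?<!\w){needle}(?!\w)", raw, re.IGNORECASE) is not None

def match_pattern(pattern, raw):
    """True if raw satisfies pattern: OR-separated groups of (optionally NOT-ed) ANDed terms."""
    groups, current = [], []
    for tok in TOKEN.findall(pattern):
        if tok == "OR":
            groups.append(current)
            current = []
        elif tok != "AND":            # adjacent terms are an implicit AND
            current.append(tok)
    groups.append(current)
    any_group = False
    for group in groups:
        ok, negate, seen_term = True, False, False
        for tok in group:
            if tok == "NOT":
                negate = not negate
                continue
            ok = ok and (term_present(tok, raw) != negate)
            negate, seen_term = False, True
        if not seen_term or negate:   # empty side of an OR, or dangling NOT
            raise ValueError(f"malformed pattern: {pattern!r}")
        any_group = any_group or ok
    return any_group

def label_event(raw, patterns):
    """Mirror the post's yes/no result, one entry per pattern."""
    return {p: "yes" if match_pattern(p, raw) else "no" for p in patterns}

# Constructed sample: the event and the three patterns from the post.
RAW = "foo bar var"
PATTERNS = "var OR test,foo AND bar,bar".split(",")

if __name__ == "__main__":
    for pat, res in label_event(RAW, PATTERNS).items():
        print(f"{pat!r}: {res}")
```

Because malformed patterns raise `ValueError`, a bad row in the lookup surfaces as an error instead of silently matching nothing.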