Sure.. just use OR
my awesome search terms AND ( foo=0 OR foo>200 OR foo <5 )
Now, if you're wanting to do some distribution analysis, it might be more like
my awesome search terms | eval disposition=case(foo < 0, "Lessthanzero",
foo=0 , "EqualZero",
foo > 0, "GreaterThanZero")
| stats count(_raw) by disposition
Sure.. just use OR
my awesome search terms AND ( foo=0 OR foo>200 OR foo <5 )
Now, if you're wanting to do some distribution analysis, it might be more like
my awesome search terms | eval disposition=case(foo < 0, "Lessthanzero",
foo=0 , "EqualZero",
foo > 0, "GreaterThanZero")
| stats count(_raw) by disposition
If this isn't working for you .. it's ok, you're not crazy. Chances are you have "or" instead of "OR". Make sure it's capitalized.
Thank you very much for your answer to my question. Your solution worked perfectly.