Hello,
i want all records from some hosts.
How can i find records from hosts that match: host=chvj[34]04ld8[246] ?
Cheers,
Jens
The best solution would be to use a subsearch for this purpose:
* [ | metadata type=hosts | regex host="chvj[34]04ld8[246]" | fields host ]
Alternatively you could search for all events and filter based on the regex:
* | regex host="chvj[34]04ld8[246]"
The second search is not suitable in our environment as we produce to much events.
But the first search seems to be okay. (not nice, tough)
Thanks,
Jens