I am attempting to search a field, for multiple values.
this is the syntax I am using:
< mysearch > field=value1,value2 | table _time,field
The ',' doesn't work, but I assume there is an easy way to do this, I just can't find it the documentation.
Does anyone have any ideas?
You can use the `IN` operator like:
error_code IN (4*, 500, 502, 503)
You can have both concrete values and wildcards.
field IN (value1,value2,value3)
Example:
index=network severity IN (low,high,medium)
Use field=value1 OR field=value2.
Should value1 or value2 be enclosed in quotes?
Hello,
I am trying to combine it with my search string but no result is returned.
index=index1 type=transaction (host="host1" OR host="host2" OR host="host3")
What is wrong?
Thanks, Regards, Rudo
@Georgin: It doesn't have to be quoted unless the value itself contains separators. E.g. field=0 OR field=1 is fine, but you would have to use quotes for field="My String With Spaces".
Yes . You may include it