I am using the below query and I was able to not get the results which had messages like "Optional.of(The following items are not available for order at this time)" but I found one of the message still appearing "Optional.of(Items quantity is over the maximum quantity)". Not sure if this has anything to do with the regex
REJECTED sourcetype="pos-generic:prod" partner_account_name="Level Up"
| regex message != "item"
| table merchantId, orderId, message
| stats count by merchantId, message
Hi
Try with following where
instead of regex
......| where NOT message like ("%item%") AND NOT message like ("%Item%")|...
If you would like to stay with regex I think this will get it for you:
| regex message != "[iI]tem"
Hi
Try with following where
instead of regex
......| where NOT message like ("%item%") AND NOT message like ("%Item%")|...