hi,
i have been trying to combine these two searches together. can some one please help combine them.
first search: index=pci_hpd_index device_id=FGT* | regex log_id="4454[4-7]"
second search: index=pci_hpd_index device_id=FGT* | regex log_id="32[0-5][0-4][0-9]"
If by combine you mean find events matching at least one of the regular expressions, use the pipe symbol to get a regex "or":
... | regex log_id="(4454[4-7])|(32[0-5][0-4][0-9])"
If by combine you mean find events matching at least one of the regular expressions, use the pipe symbol to get a regex "or":
... | regex log_id="(4454[4-7])|(32[0-5][0-4][0-9])"
thanks that helped a lot. it works now.