Sumologic Query for multiple strings

Follow

angela.jackson

• September 23, 2021 23:51

Hey there I am trying to create a query to search for multiple strings in a single line but I am having troubling with it because it only returns the first name but it does not return the other names in the string. Please see where there are *** below

| json "event.event_type_id", "event.user_name", "event.notes" as event_id, user_name, notes
//| where event_id in ("#somenumber","#somenumber")
//| where event_id = "#somenumber" OR event_id="#somenumber"
//| if (event_id ="#somenumber","true,"false") as event

// *****| where user_name matches "nameone" OR "nametwo" OR "namethree" OR "namefour" OR "namefive" ****
| count by user_name, notes, event_id

I want it to return the name for each number in the messages and aggregates tab but I only manage to get nameone to run but the rest of the statement does not run. I tried running each name individually and it does work, but I am trying to make it would as a concatenation between multiple strings in an single line of code

0

• 

  Shobhit Garg

  • October 11, 2021 08:40

  Hi Angela,

  Please try something like below

  | where (user_name matches "nameone" OR  user_name matches  "nametwo" OR user_name matches  "namethree" OR user_name matches "namefour" OR  user_name matches "namefive" )

   

  Thanks

  0

  Comment actions Permalink

Please sign in to leave a comment.