Searching from a list of keywords

Follow

Mark Drummond

• November 12, 2021 16:45

Example: "I need all log entries related to users 'jane', 'john', 'alice', and 'bob'."

Given a list of user identifiers, search my logs for log entries that match any of the user identifiers in the list. Something like the any() operator in python.

Is this possible?

0

• 

  Shobhit Garg

  • November 15, 2021 06:26

  Hi Mark,

  Lets say you have parsed the user name in a field say USERNAME, then you can write something like

  _collector=<collector_name>
  | parse ........ as USERNAME
  | where USERNAME in ("Jane" OR "john" OR  "alice" OR  "bob")

  You can refer to 

  https://help.sumologic.com/05Search/Search-Query-Language/Search-Operators/where

   

  Regards

  0

  Comment actions Permalink

Please sign in to leave a comment.