Am using a query to search the messages like 'string' using below
fields @timestamp, @message
| filter @message like /engineer/
| sort @timestamp desc
| limit 20
wants to search message contains any of the strings in a list and tried the below query but, its not working. Am getting the results which does not contain those values.
fields @timestamp, @message
| filter @message like /[engineer|doctor|builder]/
| sort @timestamp desc
| limit 20
Intention is to get logs which contains engineer OR doctor OR builder
This should work:
filter @message like /(engineer|builder|doctor)/
Using the square brackets will match individual characters, [doctor] matches something like (d|o|c|t|o|r)