Hi All,
I am trying to create a saved search that fits the following logic. How can I combine multiple criteria into one single Splunk search? Thanks.
> sourcetype=xyz
> c_application starts with Mozilla AND
> (
> (file_name starts with "mabcd" AND
> url matches "http://[a-z]{4\,8}-[a-z]{1\,7}\\.net/[a-z]{4\,8}\\.php$"
> ) OR
> ( path ends with "==" AND
> url matches "http://[a-z]{14\,21}\\.net/[a-z]{4\,8}\\.php$"
> ) OR
> url matches "[a-z]{4,10}/[a-z_-]{139,157}.(php|html)"
> )
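
The grouping in the criteria above, written out as an added example that is not part of the original post: a Python reference check that can be run over exported events to confirm what the combined rule should and should not match. It assumes the `\,` and `\\.` in the post are escaping artifacts (so `{4\,8}` means `{4,8}` and `\\.` means a literal dot); the event dictionaries are constructed samples.

```python
import re

# Assumption: "\," and "\\." in the post are escaping artifacts.
URL_A = re.compile(r"http://[a-z]{4,8}-[a-z]{1,7}\.net/[a-z]{4,8}\.php$")
URL_B = re.compile(r"http://[a-z]{14,21}\.net/[a-z]{4,8}\.php$")
# Third pattern kept exactly as posted: its "." is unescaped (any character).
URL_C = re.compile(r"[a-z]{4,10}/[a-z_-]{139,157}.(php|html)")


def matches_rule(event):
    """Return True when an event dict satisfies the combined criteria."""
    if event.get("sourcetype") != "xyz":
        return False
    if not event.get("c_application", "").startswith("Mozilla"):
        return False
    url = event.get("url", "")
    # Each field test is paired with its own URL pattern inside one branch.
    branch_a = event.get("file_name", "").startswith("mabcd") and URL_A.search(url)
    branch_b = event.get("path", "").endswith("==") and URL_B.search(url)
    branch_c = URL_C.search(url)
    return bool(branch_a or branch_b or branch_c)


def scan(events):
    """Return the ids of the events that satisfy the rule."""
    return [e["id"] for e in events if matches_rule(e)]


# Constructed sample events (not real traffic).
BASE = {"sourcetype": "xyz", "c_application": "Mozilla/5.0"}
SAMPLE_EVENTS = [
    {**BASE, "id": 1, "file_name": "mabcd01.bin", "path": "/",
     "url": "http://abcde-xyz.net/qwert.php"},                # branch A
    {**BASE, "id": 2, "file_name": "x.bin", "path": "/q/YWJj==",
     "url": "http://abcdefghijklmnop.net/index.php"},         # branch B
    {**BASE, "id": 3, "file_name": "x.bin", "path": "/",
     "url": "http://host.test/landing/" + "a" * 140 + ".html"},  # branch C
    {**BASE, "id": 4, "c_application": "curl/8.0", "file_name": "mabcd01.bin",
     "path": "/", "url": "http://abcde-xyz.net/qwert.php"},   # wrong agent
    {**BASE, "id": 5, "file_name": "mabcd01.bin", "path": "/",
     "url": "http://abcde-xyz.net/qwert.php?x=1"},            # "$" anchor fails
    {**BASE, "id": 6, "file_name": "x.bin", "path": "/q/YWJj==",
     "url": "http://abcde-xyz.net/qwert.php"},                # B path, A-shaped URL
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

In SPL the same grouping maps onto a `where` clause after the base search, using `like()` for the starts-with and ends-with tests and `match()` for the regular expressions, with the parentheses kept as written.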