I was executing my search on a log file. This is the pattern I want to search for: **END ABCD234** **hour>00**, where this shouldn't be searched on several **host**s (servers). The hosts that need to be ignored can be identified by this pattern: **"DISABLE" "END" hour>00**
Here hour is a field extracted from the timestamp (Example: **01**:15:38, here 01 was extracted). Please let me know if more info is needed.