hello,
After reading some answers, I see that if I use regex for searching events corresponding to a pattern, it will take a lot of time as Splunk reads all events from disk.
For example: I use `index=X email="test@*"`, it will be so much faster than `index=X | regex email="test@.*"`.
So my question is beside the `*` , can I use another regex term in the default search without using regex that provides the same performance as original search.
For ex:
`index=X email="test@[a-z]+.com"` ?
`index=X email="test@[0-9]*.com"` ?
↧