I am using the below query and I was able to not get the results which had messages like "Optional.of(The following items are not available for order at this time)", but I found one of the messages still appearing: "Optional.of(Items quantity is over the maximum quantity)". Not sure if this has anything to do with the regex.
```
REJECTED sourcetype="pos-generic:prod" partner_account_name="Level Up"
| regex message != "item"
| table merchantId, orderId, message
| stats count by merchantId, message
```
![alt text][1]
[1]: https://share.getcloudapp.com/04uK1npq