I am working with Log Insight 4.6 and am looking for a way to combine two queries that each work individually, but don't really have any intersection other than they both are related to a specific application.
Here are examples of the queries:
The first query:
hostname contains "app-ts01" or "app-ta02" or "ops-sql1"
channel contains "application" or "system"
text contains "this" or "that"
level contains "critical" or "warning" or "error"
The second query:
hostname contains "locA-dc-01"
channel contains "security"
keywords contains "Audit Failure"
text contains "APPServiceUsername"
If I combine them into a single query by combining the hostnames, channels, text, etc. no matches are returned because the logic fails.
It appears to me that I need to have a query that has the query 1 parameters logically OR'ed with the query 2 parameters.
I am hoping there is something easy or obvious that I am missing!
Suggestions?
Dennis
I'm pretty certain you can't do this today in vRLI.
I have also received that feedback from others. Now to make a feature request.
Dennis
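The logic problem described in the question, as an added Python sketch that is not from any poster in this thread and does not use the Log Insight API. It assumes every filter in a query must match (AND) while the values inside one filter are alternatives (OR); the events and helper names are constructed for illustration.

```python
# Constructed sample events; field names follow the filters in the question.
EVENTS = [
    {"hostname": "app-ts01", "channel": "application", "text": "this failed",
     "level": "error", "keywords": ""},
    {"hostname": "locA-dc-01", "channel": "security",
     "text": "logon APPServiceUsername", "level": "information",
     "keywords": "Audit Failure"},
    {"hostname": "ops-sql1", "channel": "system", "text": "that stalled",
     "level": "information", "keywords": ""},
]

QUERY_1 = {
    "hostname": ["app-ts01", "app-ta02", "ops-sql1"],
    "channel": ["application", "system"],
    "text": ["this", "that"],
    "level": ["critical", "warning", "error"],
}
QUERY_2 = {
    "hostname": ["locA-dc-01"],
    "channel": ["security"],
    "keywords": ["Audit Failure"],
    "text": ["APPServiceUsername"],
}

def matches(event, query):
    """Assumed semantics: all filters must hold; any value in a filter may match."""
    return all(
        any(v.lower() in event.get(field, "").lower() for v in values)
        for field, values in query.items()
    )

def merge_filters(q1, q2):
    """What the question tried: pool the values per field into one query."""
    merged = {}
    for q in (q1, q2):
        for field, values in q.items():
            merged.setdefault(field, []).extend(values)
    return merged

def run(query):
    """Hostnames of events matching a single query."""
    return [e["hostname"] for e in EVENTS if matches(e, query)]

def run_union(*queries):
    """(query 1) OR (query 2): an event qualifies if any whole query matches."""
    return [e["hostname"] for e in EVENTS if any(matches(e, q) for q in queries)]
```

The merged query returns nothing because the application event has no "Audit Failure" keyword and the security event has no matching level, while the union of the two whole queries returns both events.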