VMware Cloud Community
DennisBray
Enthusiast
Enthusiast
‎06-27-2018 02:14 PM
Jump to solution

How to combine 2 queries with OR

I am working with Log Insight 4.6 and am looking for a way to combine two queries that each work individually, but don't really have any intersection other than they both are related to a specific application.

Here are example of the queries:

The first query:

hostname contains "app-ts01" or "app-ta02" or "ops-sql1"

channel contains "application" or "system"

text contains "this" or "that"

level contains "critical" or "warning" or "error"

The second query:

hostname contains "locA-dc-01"

channel contains "security"

keywords contains "Audit Failure"

text contains "APPServiceUsername"

If I combine them into a single query by combining the hostnames, channels, text, etc. no matches are returned because the logic fails.

It appears to me that I need to have a query that has the query 1 parameters logically OR'ed with the query 2 parameters.

I am hoping there is something easy or obvious that I am missing!

Suggestions?

Dennis

0 Kudos
1 Solution

Accepted Solutions
daphnissov
Immortal
Immortal
‎06-27-2018 02:24 PM
Jump to solution

I'm pretty certain you can't do this today in vRLI.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

View solution in original post

0 Kudos
2 Replies
daphnissov
Immortal
Immortal
‎06-27-2018 02:24 PM
Jump to solution

I'm pretty certain you can't do this today in vRLI.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
DennisBray
Enthusiast
Enthusiast
‎06-28-2018 10:26 AM
Jump to solution

I have also received that feedback from others. Now to make a feature request.

Dennis

0 Kudos