Boolean and grouping operators

There are a few operators that you can use to refine your searches (note that these operators must be in uppercase to not be considered search terms):

AND is implied between terms. For instance, error mary (two words separated by a space) is the same as error AND mary.
OR allows you to specify multiple values. For instance, error OR mary means find any event that contains either word.
NOT applies to the next term or group. For example, error NOT mary would find events that contain error but do not contain mary.
The quote marks ("") identify a phrase. For example, "Out of this world" will find this exact sequence of words. Out of this world would find any event that contains all of these words, but not necessarily in ...

Get Implementing Splunk - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk - Second Edition by Vincent Bumgarner, James D Miller

Boolean and grouping operators

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly