You can use the `IN` operator like: `error_code IN (4*, 500, 502, 503)`. You can have both concrete values and wildcards. See https://www.splunk.com/en_us/blog/tips-and-tricks/smooth-operator-searching-for-multiple-field-values.html
We used Fluentd with Splunk cloud and it worked seamlessly.
If anyone using Splunk Cloud sees this answer - the methods above are applicable to both the Enterprise version and the Cloud.
The idea is to have a display of a rolling log / `tail -f`.
This could be very useful to me in tracking the live output of some machines performing batch / background operations.