https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157026#M44184 <P>I am building a search for all <CODE>index=*</CODE>, but I have a large number of hosts. These hosts are grouped together with our naming convention of letters and numbers at the end (ex: PRDOxxx) I have it like this right now:</P> <P>Currently using:</P> <PRE><CODE>Index=* Host=* </CODE></PRE> <P>Picks up everything, but trying to narrow it down, I tried:</P> <PRE><CODE>Index=* Host=prdo* OR Host=OCC* </CODE></PRE> <P>Does not pick up anything.</P> Fri, 07 Aug 2015 16:13:43 GMT msackett 2015-08-07T16:13:43Z https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157026#M44184 <P>I am building a search for all <CODE>index=*</CODE>, but I have a large number of hosts. These hosts are grouped together with our naming convention of letters and numbers at the end (ex: PRDOxxx) I have it like this right now:</P> <P>Currently using:</P> <PRE><CODE>Index=* Host=* </CODE></PRE> <P>Picks up everything, but trying to narrow it down, I tried:</P> <PRE><CODE>Index=* Host=prdo* OR Host=OCC* </CODE></PRE> <P>Does not pick up anything.</P> Fri, 07 Aug 2015 16:13:43 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157026#M44184 msackett 2015-08-07T16:13:43Z https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157027#M44185 <P>The field names are case sensitive (values are not case sensitive in the bases earch). So could you try this</P> <PRE><CODE>index=* host=prdo* OR host=OCC* </CODE></PRE> Fri, 07 Aug 2015 17:05:53 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157027#M44185 somesoni2 2015-08-07T17:05:53Z https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157028#M44186 <P>Thank you ... </P> Mon, 28 Sep 2015 18:59:54 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157028#M44186 msackett 2015-09-28T18:59:54Z https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157029#M44187 <P>As somesoni2 mentioned, the field names are case sensitive, so this is a good guess as to why the search isn't turning up anything.</P> <P>Was this a resolution?</P> Tue, 29 Sep 2015 12:55:45 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157029#M44187 muebel 2015-09-29T12:55:45Z https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157030#M44188 <P>Yes, It was a case issue.<BR /> thank you</P> Tue, 29 Sep 2015 13:32:17 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-wildcards-with-host-in-a-search/m-p/157030#M44188 msackett 2015-09-29T13:32:17Z