Splunk Search

How do I return a search for a field that contains a number?

jbala1
Engager

example:

If I have a list of user and I want to search and the users who only have a number in that field;

John_doe
John_doe1
Jane_doe
Jane_doe2

How do I return just the users with numbers associated to their field?

Tags (1)
0 Karma
1 Solution

inventsekar
Ultra Champion

this regex will return all field "UserName" which are having a number.

 your base search | regex UserName="\w+\d"

tested this and its working fine -
to list all hosts which are having a digit/number in them -

index=_internal | regex host="\w+\d"

View solution in original post

0 Karma

inventsekar
Ultra Champion

this regex will return all field "UserName" which are having a number.

 your base search | regex UserName="\w+\d"

tested this and its working fine -
to list all hosts which are having a digit/number in them -

index=_internal | regex host="\w+\d"

0 Karma

jbala1
Engager

Thank you. That answer solved my problem.

0 Karma

cmerriman
Super Champion

how about

|eval userNumbers=match(userField,"\d")

that should give you a true/false of users with digits in their username and you can search from there.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...