Archive

exclude 'sendmail' in search options

Engager

I am using the following in my search options: index="my_site_hosts" "hostABC" "failed"

The results displays sendmail. I want to filter out sendmail and see all other failures.

How do I exclude sendmail in the search results so I get to view other forms of failures?

I did try this: index="my_site_hosts" "hostABC" "failed" !"sendmail" the negation sign did not work?

thank you

Tags (1)

Splunk Employee
Splunk Employee

subhap try:
index="my_site_hosts" "hostABC" "failed" NOT "sendmail"

Cheers,
.gz

Splunk Employee
Splunk Employee
0 Karma