Re: Wildcard with Notequal condition

renuka · ‎12-10-2020

Hello

I am trying to extract count of the data by excluding some values which are not equal and some are equal in particular filed

My query

index=platform source=`ProjectArea` |join type=inner ProjectAreaID max=0 [search index=`platform` source=`RequirementModules` |fillnull value="Not Defined"|search Owner!="Tool" |join type=inner ModuleID max=0 [search index=`platform` source=`SoftwareRequirements` `ReqID_URL_Rename`|rename Owner as ReqOwner ]]|search `Software_ModuleType` `SoftwareRequirementType` |fillnull value="Not Defined"|dedup LinkStart_URL|search ModuleID="*" Status="*" Owner="*" | join type=inner LinkStart_URL max=0 [search index=`platform` source=Sw_Satisfaction`|rename LinkEnd_URL as SysURL]|join type=inner SysURL max=0 [search index=`platform` source=`SystemRequirements` `ReqID_URL_Rename` |rename LinkStart_URL as SysURL] |search ModuleName!="A*" AND ModuleName="*_ext" |stats count by ModuleName

Output comes zero when i give (ModuleName!="A*" AND ModuleName="*_ext") this condition

My output contains A* values,V* and A*_ext i want to exculde only A* values

Please help with this

Thank You in advance

Renuka

ITWhisperer · ‎12-10-2020

Instead of search, can you use regex?

| regex ModuleName="^[^A].*_ext$"

renuka · ‎12-10-2020

Thanks for reply I will try @ITWhisperer

Wildcard with Notequal condition

app

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation