Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Wildcard with Notequal condition

renuka
Path Finder
‎12-10-2020 08:49 AM

Hello

 I am trying to extract count of the data by excluding some values which are not equal and some are equal in particular filed

  My query

   index=platform source=`ProjectArea` |join type=inner ProjectAreaID max=0 [search index=`platform` source=`RequirementModules` |fillnull value="Not Defined"|search Owner!="Tool" |join type=inner ModuleID max=0 [search index=`platform` source=`SoftwareRequirements` `ReqID_URL_Rename`|rename Owner as ReqOwner ]]|search `Software_ModuleType` `SoftwareRequirementType` |fillnull value="Not Defined"|dedup LinkStart_URL|search ModuleID="*" Status="*" Owner="*" | join type=inner LinkStart_URL max=0 [search index=`platform` source=Sw_Satisfaction`|rename LinkEnd_URL as SysURL]|join type=inner SysURL max=0 [search index=`platform` source=`SystemRequirements` `ReqID_URL_Rename` |rename LinkStart_URL as SysURL] |search ModuleName!="A*" AND ModuleName="*_ext" |stats count by ModuleName 

Output  comes zero when i give  (ModuleName!="A*" AND ModuleName="*_ext") this condition

My output contains A* values,V* and A*_ext  i want to exculde only A* values

Please help with this

Thank You in advance

Renuka

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎12-10-2020 10:55 AM

Instead of search, can you use regex?

| regex ModuleName="^[^A].*_ext$"
0 Karma
Reply

renuka
Path Finder
‎12-10-2020 08:37 PM

Thanks for reply I will try @ITWhisperer 

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...