- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Does anyone know how query for non alpha numer...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there a way to search for non-alphanumeric characters?
We have an index that sometimes generates data that contains Kanji and Cyrillic characters, is it possible to create a query that searches for these specifically?
Examples:
user=䉎䝓䰵
host=獵硷灡穱捧灰㈱⸱獵祮扣慢汭挮浯
I know the kanji is not structured correctly but that is how it is showing up in Splunk. Please advise
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i hope i understand your question
the answer is, yes, search and find out, it worked for me
try this search anywhere:
| makeresults count=1
| eval data = "user=䉎䝓䰵,host=獵硷灡穱捧灰㈱⸱獵祮扣慢汭挮浯;;;user=ארי,host=דוניו"
| makemv delim=";;;" data
| mvexpand data
| rex field=data "user=(?<user>[^\,]+),host=(?<host>[^\,]+)"
| eval language = if(user=="ארי","Hebrew","Kanji")
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i hope i understand your question
the answer is, yes, search and find out, it worked for me
try this search anywhere:
| makeresults count=1
| eval data = "user=䉎䝓䰵,host=獵硷灡穱捧灰㈱⸱獵祮扣慢汭挮浯;;;user=ארי,host=דוניו"
| makemv delim=";;;" data
| mvexpand data
| rex field=data "user=(?<user>[^\,]+),host=(?<host>[^\,]+)"
| eval language = if(user=="ארי","Hebrew","Kanji")
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That would help but that only searches for those specific characters or all of the possible kanji characters?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i dont have Kanji keyboard, however when i do the following after my search, it works fine:
| search user="ארי"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Then is it possible to do an exclusion of all letters from a to z?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
not sure where you are heading.
it might need another question.
you can exclude a to z letters with regex something along those lines [A-Za-z]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I will give it a try. Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@reneedeleon
if that sums it up, kindly accept the answer so others will know it addressed your challenge.
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
