Filtering specific digit at the end of a field value

brennson90
Path Finder

Hi community,

I have the following tstats output:
"| tstats count WHERE fromzone="*INTRANET*" index=*_*_* by index source getport"

For the different indexes, the getport field is always 5 digits long, e.g. (index A has port 22001, index B has 25003, index C has 35002).
Now I want to filter out all field values from the field getport without the "1" at the end.

Thanks for your help!


kamlesh_vaghela
SplunkTrust

@brennson90 

Are you looking for this?

 

YOUR_SEARCH
| search getport!="*1"

 OR

YOUR_SEARCH
| regex "getport"!="\d{4}1"

KV
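
The two filters from the answer above, compared side by side on constructed data (an added example, not part of the original posts). The sample getport values are made up, the `*_keeps` field names are hypothetical, and `like()` / `match()` are used as the eval-side equivalents of the `search` wildcard and the `regex` command. The last column adds an anchored pattern, which is an assumption about what is wanted if values longer than 5 digits can ever occur.

```spl
| makeresults count=5
| streamstats count AS n
| eval getport=case(n=1,"22001", n=2,"25003", n=3,"35002", n=4,"22011", n=5,"220015")
| eval wildcard_keeps=if(like(getport,"%1"),"no","yes")
| eval regex_keeps=if(match(getport,"\d{4}1"),"no","yes")
| eval anchored_keeps=if(match(getport,"^\d{4}1$"),"no","yes")
| table getport wildcard_keeps regex_keeps anchored_keeps
```

For the 5-digit ports all three columns agree. The constructed 6-digit value 220015 is the only row where they differ: the unanchored pattern matches its first five digits and drops it, while the wildcard and the anchored pattern keep it.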


brennson90
Path Finder

It works, thanks
