Splunk Search

How can I search for two concatenated strings?

antonio147
Communicator

I need to search for a string composed of the month - year in Italian.
Example: "March-2021"
If I enter "March-2021" in the search, everything works but if I put the eval variable (month year) or the strcat variable (completo), it doesn't work.

I have:

|eval anno = strftime(_time,"%Y")
| eval mesi=strftime(_time,"%m")
| eval mese=case(
mesi="01","Gennaio-",
mesi="02","Febbraio-",
mesi="03","Marzo-",
mesi="04","Aprile-",
mesi="05","Maggio-",
mesi="06","giugno-",
mesi="07","Luglio-",
mesi="08","Agosto-",
mesi="09","Settembre-",
mesi="10","Ottobre-",
mesi="11","Novembre-",
mesi="12","Dicembre-",
1=1, "INV")
|eval meseanno= mese.anno
|strcat mese anno completo
|search AMBITO = meseanno

So it doesn't work.

If I use |search AMBITO = "March-2021", it works.

Can you help me understand how to look for a chained string?
Tks
Bye
Antonio


ITWhisperer
SplunkTrust

Try

|where AMBITO = meseanno

antonio147
Communicator

Thank you so much !!!!
but why didn't it work with search?

 


ITWhisperer
SplunkTrust

Basically, search works with strings, where works with fields.

antonio147
Communicator

Ah OK,
thanks for the explanation 🙂
But if two strings are concatenated, I expected search to work the same.
I expected search to work with string1.string2
I understand better the dynamics of Splunk and how it works.
Thank you again.
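
The difference discussed in this thread, shown on three constructed events (an added example, not part of the original posts). The AMBITO sample values and the helper fields n, where_match and search_match are assumptions made for illustration; where_match compares the two fields the way where does, and search_match compares AMBITO with the literal text "meseanno", which is how search reads the right-hand side.

```spl
| makeresults count=3
| streamstats count AS n
| eval _time = strptime("2021-03-15", "%Y-%m-%d")
| eval AMBITO = case(n=1, "Marzo-2021", n=2, "Aprile-2021", n=3, "meseanno")
| eval anno = strftime(_time, "%Y"), mesi = strftime(_time, "%m")
| eval mese = case(mesi="03", "Marzo-", mesi="04", "Aprile-", true(), "INV")
| eval meseanno = mese . anno
| eval where_match = if(AMBITO = meseanno, "yes", "no")
| eval search_match = if(AMBITO = "meseanno", "yes", "no")
| table n AMBITO meseanno where_match search_match
```

Replacing the last three lines with `| where AMBITO = meseanno` keeps only the event with n=1, while `| search AMBITO = meseanno` keeps only the event with n=3, whose AMBITO is the literal text "meseanno".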
