I'm very new to Splunk and need help with a search.
I want to perform a search to show me the results where the 5th letter of the server name has the letter "p". Is this possible?
Thank you
@arthurva Suppose your index is test and your field is server_name.
index=test| eval x = substr(server_name,5,1)| where x="p"
View solution in original post
Hi @arthurva
Give a try
| makeresults | eval test="ABCDPTD" | regex test="^.{4,4}[p|P]"
That worked. Thank you!
