Splunk Search

How do you search logs for a letter at a specific position?

arthurva
Observer

I'm very new to Splunk and need help with a search.

I want to perform a search to show me the results where the 5th letter of the server name has the letter "p". Is this possible?

Thank you

0 Karma
1 Solution

Vijeta
Influencer

@arthurva Suppose your index is test and your field is server_name.

index=test| eval x = substr(server_name,5,1)| where x="p"

View solution in original post

0 Karma

vnravikumar
Champion

Hi @arthurva

Give a try

| makeresults 
| eval test="ABCDPTD" 
| regex test="^.{4,4}[p|P]"
0 Karma

Vijeta
Influencer

@arthurva Suppose your index is test and your field is server_name.

index=test| eval x = substr(server_name,5,1)| where x="p"
0 Karma

arthurva
Observer

That worked. Thank you!

0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...