Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to Use * in escape sequence?

Madhan45
Path Finder
‎09-04-2015 04:45 AM

We can use \ as an escape sequence for special characters ",",(,),[,] and so on. How to use for * character?

0 Karma
Reply

badarsebard
Communicator
‎09-04-2015 09:33 AM

If I understand your meaning, you are trying to find events that contain the asterisk (*) character. If so, then this is not possible using the backslash since Splunk treats the asterisk as a major breaker (see Event Segmentation below). According to the Search manual, if you want to search for an asterisk you will need to run a post-filtering regex search on the data, such as:

index=_internal | regex ".*\*.*"

References:
Event Segmentation - http://docs.splunk.com/Documentation/Splunk/6.2.1/Data/Abouteventsegmentation
Search Manual (About Seach Language Syntax) - http://docs.splunk.com/Documentation/Splunk/6.2.1/Search/Aboutsearchlanguagesyntax

0 Karma
Reply

Madhan45
Path Finder
‎09-07-2015 04:35 AM

oh thanks badarsebard

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-04-2015 05:21 AM

In what command do you want to escape the *?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...