How to display a field ending with the same alphabet

BT
Path Finder

I have a field (eventCode) which has code values, and a few of them end with certain letters. I want to extract only the eventCode values which end with E, F, V and display them separately under different fields/names (minor, major, medium). I tried with | where eventCode=*E, but this does not work. Is there any other way to extract other than rex/regex? If not, can you please provide some input?

Example : eventCode=xyxbxsndsndg-5-3000-E

eventCode=aksjdjfdfvbrhgnvfmbfbc-54-3601-E

eventCode=plgkdfdcmasjenfmdklv-61-2501-F

eventCode=pojdksdjhmmmaskxjs-91-4501-V

Result :

Minor                               Major
xyxbxsndsndg-5-3000-E               plgkdfdcmasjenfmdklv-61-2501-F
aksjdjfdfvbrhgnvfmbfbc-54-3601-E


ITWhisperer
SplunkTrust
| where like(eventCode,"%E")

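An added example, not part of the original thread: the same like() test extended to the column layout asked for in the question, run against the four sample codes with makeresults so it works without any index. E under Minor and F under Major follow the question's expected result; placing V under Medium is an assumption, as are the output field names.

```spl
| makeresults
| eval eventCode=split("xyxbxsndsndg-5-3000-E,aksjdjfdfvbrhgnvfmbfbc-54-3601-E,plgkdfdcmasjenfmdklv-61-2501-F,pojdksdjhmmmaskxjs-91-4501-V", ",")
| mvexpand eventCode
| eval eventCode=trim(eventCode)
| eval Minor=if(like(eventCode,"%E"), eventCode, null()),
       Major=if(like(eventCode,"%F"), eventCode, null()),
       Medium=if(like(eventCode,"%V"), eventCode, null())
| stats values(Minor) as Minor values(Major) as Major values(Medium) as Medium
```

Against real data, replace the first four lines with the base search; like() is case-sensitive, so a code ending in lowercase "e" will not land under Minor.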

BT
Path Finder

Works like a charm !!!! thank you 🙂 
