Solved: How to use wildcards with host in a search? - Splunk Community

Splunk Search

I am building a search for all index=*, but I have a large number of hosts. These hosts are grouped together with our naming convention of letters and numbers at the end (ex: PRDOxxx) I have it like this right now:

Currently using:

Index=* Host=*

Picks up everything, but trying to narrow it down, I tried:

Index=* Host=prdo* OR Host=OCC*

Does not pick up anything.

1 Solution

Solution

As somesoni2 mentioned, the field names are case sensitive, so this is a good guess as to why the search isn't turning up anything.

Was this a resolution?

View solution in original post

Solution

As somesoni2 mentioned, the field names are case sensitive, so this is a good guess as to why the search isn't turning up anything.

Was this a resolution?

Yes, It was a case issue.
thank you

The field names are case sensitive (values are not case sensitive in the bases earch). So could you try this

index=* host=prdo* OR host=OCC*

Thank you ...

Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Thursday, July 10, 2025 | 11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...