Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to search for a comma in Splunk query?

siksaw33
Path Finder
‎04-29-2022 07:52 AM

is there away we can search for a ,  to find multi locale or multi country
basically instead of the underlined


index=personmetrics logtype=personactivity wrk_grp="Ret,Ce" locale="en-US,en-GB"


1.  how do we write?

index=ccpmetrics logtype=ccpactivity (wrk_grp LIKE "," OR locale LIKE ",")
|table personname,wrk_grp,locale

2. bonus point: and then find the stats of personname and corresoponding entries.

Labels (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎04-29-2022 08:43 AM

@siksaw33 - Try:

index=ccpmetrics logtype=ccpactivity (wrk_grp="*,*" OR locale="*,*")
|table personname, wrk_grp, locale

 

I hope this helps!!! Karma/upvote would be appreciated!!!

View solution in original post

Reply
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎04-29-2022 08:43 AM

@siksaw33 - Try:

index=ccpmetrics logtype=ccpactivity (wrk_grp="*,*" OR locale="*,*")
|table personname, wrk_grp, locale

 

I hope this helps!!! Karma/upvote would be appreciated!!!

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎04-29-2022 08:38 AM

Hi @siksaw33,

you should try the IN clause:

index=personmetrics logtype=personactivity wrk_grp IN ("Ret,Ce") locale IN ("en-US,en-GB")

Ciao.

Giuseppe

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...