Solved: Is there a way to search for a comma in Splunk que...

siksaw33 · ‎04-29-2022

is there away we can search for a , to find multi locale or multi country
basically instead of the underlined

index=personmetrics logtype=personactivity wrk_grp="Ret,Ce" locale="en-US,en-GB"

1. how do we write?

index=ccpmetrics logtype=ccpactivity (wrk_grp LIKE "," OR locale LIKE ",")
|table personname,wrk_grp,locale

2. bonus point: and then find the stats of personname and corresoponding entries.

VatsalJagani · ‎04-29-2022

index=ccpmetrics logtype=ccpactivity (wrk_grp="*,*" OR locale="*,*")
|table personname, wrk_grp, locale

I hope this helps!!! Karma/upvote would be appreciated!!!

VatsalJagani · ‎04-29-2022

index=ccpmetrics logtype=ccpactivity (wrk_grp="*,*" OR locale="*,*")
|table personname, wrk_grp, locale

I hope this helps!!! Karma/upvote would be appreciated!!!

gcusello · ‎04-29-2022

you should try the IN clause:

index=personmetrics logtype=personactivity wrk_grp IN ("Ret,Ce") locale IN ("en-US,en-GB")

Ciao.

Giuseppe

Is there a way to search for a comma in Splunk query?