Solved: Re: Lexicographic comparison of version strings?

waisbrot · ‎08-06-2013

I have version strings in my log output, and I'd like to filter on these, like

| where version < 2.3.5

But Splunk only wants to do numeric comparison with '<'. Is there an operator to perform lexicographic comparisons?

okrabbe_splunk · ‎05-27-2014

I am not aware of a function or command to do this.

However, you could use a more complicated where clause if we assume you have broken out the version into fields major, minor and point....

|where major > 2 OR (major >=2 AND minor >3) OR (major >=2 AND minor >= 2 AND point > 5)

okrabbe_splunk · ‎05-27-2014

I am not aware of a function or command to do this.

However, you could use a more complicated where clause if we assume you have broken out the version into fields major, minor and point....

|where major > 2 OR (major >=2 AND minor >3) OR (major >=2 AND minor >= 2 AND point > 5)

Lexicographic comparison of version strings?