I am currently trying to work on a search where there are admins in my results. I want the search to show only regular users, and admins are noted by a -abc next to their name. This is what I currently have, and I get the same number of results with or without regex:
... | regex <user>!="<-abc>" |
So for example the user field will have johnny and a separate line for johnny-abc. I want to search and not have a result if -abc is found in the user field.
Assuming you have a field named user which has values such as woodcock-abc for admins and values such as otherguy for non-admins, you should be able to use this (among many other ways):
... | regex user!=".*\-abc$"
Could you explain to me what the . , forward slash, and $ are for? I have been looking at the regex documentation and can't seem to find anything solid. I would like to know this so I can do a regex to take into account an abc-USERNAME where abc- is what I would want to filter against to not include. In this case abc- is at the beginning and the *(everything) would come after.
EDIT: I believe I got it. regex user!="abc-.*"
The . matches any 1 character and the * modifies the character class that precedes it with zero or more of those. The \ escapes the next character that follows so that it is taken literally instead of indicating a special function/token (in this case it is superfluous and you don't need it; it was a mistake on my part). The $ says no more characters after this.
Could you please provide some sample events?
Why not simply use this:
your base search ..| search user!="*-abc"
This worked as well as the suggestion from Wood about regex. Thank you!
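The filters from this thread compared side by side, as an added example that is not from any of the posters. The usernames are constructed sample data and the column names are made up for illustration. The regex command and the eval match() function both succeed when the pattern matches anywhere in the value, so the table shows that the unanchored abc-.* also flags names that merely contain abc-, while ^abc- flags only names that start with it.

```spl
| makeresults
| eval user=split("johnny,johnny-abc,johnny-abcd,abc-johnny,xabc-johnny", ",")
| mvexpand user
| eval suffix_regex_abc_dollar=if(match(user, "-abc$"), "filtered out", "kept")
| eval suffix_wildcard_star_abc=if(like(user, "%-abc"), "filtered out", "kept")
| eval prefix_unanchored_abc_dotstar=if(match(user, "abc-.*"), "filtered out", "kept")
| eval prefix_anchored_caret_abc=if(match(user, "^abc-"), "filtered out", "kept")
| table user suffix_regex_abc_dollar suffix_wildcard_star_abc prefix_unanchored_abc_dotstar prefix_anchored_caret_abc
```

Once the columns look right for your naming scheme, the matching filter is `| regex user!="-abc$"` for the suffix case or `| regex user!="^abc-"` for the prefix case.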