Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Regular expression in Search

JensT
Communicator
‎09-15-2010 04:19 PM

Hello,

i want all records from some hosts.

How can i find records from hosts that match: host=chvj[34]04ld8[246] ?

Cheers,

Jens

Tags (1)
Reply

ziegfried
Influencer
‎09-15-2010 04:24 PM

The best solution would be to use a subsearch for this purpose:

* [ | metadata type=hosts | regex host="chvj[34]04ld8[246]" | fields host ]

Alternatively you could search for all events and filter based on the regex:

* | regex host="chvj[34]04ld8[246]"
Reply

JensT
Communicator
‎09-15-2010 05:28 PM

The second search is not suitable in our environment as we produce to much events.

But the first search seems to be okay. (not nice, tough)

Thanks,

Jens

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...