Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Removing a Pattern from the search result

jaiarchi
New Member
‎06-23-2017 03:34 AM

I am searching for a string "xyz" that would result in all actionsteps (with counts) that has "xyz" in it, However I want to remove any string that ends with xyz_I or xyz_S.

Would someone be able to help me on this please.

0 Karma
Reply

woodcock
Esteemed Legend
‎06-23-2017 07:09 AM

Show us the sample events and indicate the ones to keep and the ones not to keep (calling out field names/values).

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎06-23-2017 03:48 AM

HI jaiarchi,
If I correctly understood: do you want to have all events where there is the string xyz but not the ones where there are xyz_I or xyz_S?
if this is your requirement you have to insert in your search:

your_search "xyz" NOT ("xyz_I" OR "xyz_S") | ...

Bye.
Giuseppe

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎06-23-2017 03:46 AM

Hi Jaiarchi, some more details needed.. what is ur current search query, some sample log lines..

maybe try this one -
Index=indexName xyz NOT (xyz_I OR xyz_S)

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...