Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Search command for different PC's

Rhuen
New Member
‎03-21-2012 04:55 AM

Hy,

i have create a Dashboard with Error Logs.
1 for all pc's: Computername="*", it works, i see all PC's but which command is the right to see only 2 or 3 PC's with Computername:
Client1 and Client2?!
I was try:
...Computername="Client1,Client"...Computername="Client1" Computername="Client2"...and so on, nothing is working.

I know it works with "Client*" then i see Client1, and Client2, but the Computernames are MAC-Adress...Client1 and Client2 name is only a example.

I hope you know what i mean :-).

This are my complete search string:

source="WMI:WinEventLog:*" ComputerName="*"  | stats count count(eval(Type="Warnung")) as warnings count(eval(Type="Fehler")) as errors by host

greets.

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎03-21-2012 06:34 AM

If you want to search for multiple values of ComputerName you could just OR them together:

ComputerName="Client1" OR ComputerName="Client2" OR ...

View solution in original post

Reply
Solved! Jump to solution

jtrimmi1
Explorer
‎05-06-2019 08:24 AM

I think now you can do something like this :

source="WMI:WinEventLog:*" ComputerName IN ("Client1","Client2","Client3","Client4")

Reply
Solved! Jump to solution

Rhuen
New Member
‎03-21-2012 06:56 AM

Haha omg you right Ayn 🙂 so simple, thx.

0 Karma
Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎03-21-2012 06:34 AM

If you want to search for multiple values of ComputerName you could just OR them together:

ComputerName="Client1" OR ComputerName="Client2" OR ...
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...