Splunk Search

Search for file path and only that file path to come back nothing else

robertlynch2020
Influencer

hi

I have the following files

/net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/
/net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/logs/traces/
/net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/logs/traces/
/net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/XXX/YYY

when i run the below search i get all the directories back, in this case i just want the one /net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/. Not the other 3

| search File_location = */net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/* 

Cheers for you help :slightly_smiling_face:

0 Karma
1 Solution

robertlynch2020
Influencer

cheers that worked @niketn :slightly_smiling_face:

| search File_location = "/net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/"

View solution in original post

0 Karma

robertlynch2020
Influencer

cheers that worked @niketn :slightly_smiling_face:

| search File_location = "/net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/"

0 Karma

niketn
Legend

@robertlynch2020... If you want exact match, you should be taking out the * asterisk wildcard for pattern matching.

| search File_location = "/net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/"
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

niketn
Legend

@robertlynch2020... Glad it worked. I have converted my comment to answer. Since you have accepted your own answers, please upvote my answer, since it helped :slightly_smiling_face: Cheers!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

jkat54
SplunkTrust
SplunkTrust

Does this work?

 File_location = */net/dell427srv/data1/apps/*

If so, it might be a segmenter "problem"

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...