
Search for value other than 0 - How-To



If I wanted to run a search for a field that has any value other than 0, i.e. "File Infections: 0": if I wanted to run a search to see if there have been any infections, so the value would be anything other than 0, how would I do this?

Second question. I wanted to see a table of all domains visited, but only the FQDN and not with any sub-directories or dynamic content. How would I do this?



Splunk Employee

If you have the "File Infections" value extracted as a field, you could simply search like this:

... fileInfections != 0 | ...

Field Extractions: http://docs.splunk.com/Documentation/Splunk/latest/User/ExtractNewFields



Note that this search finds events where the fileInfections field exists, but has a value other than zero. So, it won't find events that do not have the fileInfections field at all. If you want to find those events as well, you would do ... NOT fileInfections = 0 | ...

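As an added illustration of the difference between the two searches above (not part of the original answer or comment), here is a self-contained query over three constructed events; the field name `fileInfections` and the sample messages are assumptions:

```spl
| makeresults count=3
| streamstats count AS n
| eval _raw=case(n==1, "File Infections: 0",
                 n==2, "File Infections: 3",
                 n==3, "Scan finished, no infection counter in this event")
| rex field=_raw "File Infections: (?<fileInfections>\d+)"
| search NOT fileInfections=0
| table _raw fileInfections
```

With `NOT fileInfections=0` the second and third events are returned (the third has no `fileInfections` field at all); swap the last `search` for `| search fileInfections!=0` and only the second event remains, which matters if you want a detection to notice hosts whose scanner stopped reporting the counter.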