Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search strings which are not starting with ****

kmmanu
New Member
‎06-20-2018 10:54 AM

Tthere are logs like below three lines

user name is "fgt56wer"
user name is "****89g4ty5"
user name is "jks4qw"

I want to avoid all lines which starts with user name is "**** from the splunk search result
My expected search output is below :-

user name is "fgt56wer"
user name is "jks4qw"

Can anyone help me to get the regular expression or search query ?

0 Karma
Reply

cpetterborg
SplunkTrust
SplunkTrust
‎06-20-2018 12:02 PM

Try:

... | regex _raw!="user name is \"\*\*\*"
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...