Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Intellignent Text pattern matching

premforsplunk
Explorer
‎02-19-2018 01:28 AM

Hello Folks,

part 1 - As far as i know,Splunk can match below users with same pattern "John%" , but all 6 are same users, what is the best way to match all..

John Dave Peterson -Hit
John Peterson - Hit
John Dave -Hit
J D Peterson -Miss
JDPeterson - Miss
JDP - Miss

How to frame a generic query for all usernames since I cannot use a specific username pattern for all customer names ?? Can a customer field name "custname" can be matched with the pattern by the value of same field ? (like below syntax ?)
"| where like(custname "custname%")"

Part 2 - Can splunk match percentage wise between 2 string fields..

Like example below, possible to have 2 common address but in typo/erroneous formats.... I only want 1st 2 values to be matched as they both are same but in different long/short format

Address 1= St Peter's Street - Hit
Address 2 = St Peter's St - Hit
Address 3 = St Peter's Complex - Miss

Can splunk match Address 1 and 2 above and say - 90% match.

Looking forward for the assistance.

Tags (4)
0 Karma
Reply

FrankVl
Ultra Champion
‎02-19-2018 01:50 AM

For the user names: don't think you can solve that with 'intelligent text pattern matching', this calls for a lookup that holds all possible usernames of a person and maps them to some standardized identity.

For calculating how closely 2 strings match, you could perhaps use the Levenshtein algorithm. I know the URL Toolbox add-on provides that. But perhaps there are better approaches for recognizing addresses. You might want to do a quick search on Google for that (as that is of course not a Splunk specific challenge).

0 Karma
Reply
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...