Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Using wildcards in a search string

andybeh
New Member
‎07-03-2014 03:28 PM

Hi All,

Can someone please explain how I use a wildcard character in the middle of a search string? For example, if I want find all gmail addresses that start with the letter 'a', I thought I could search for emailaddress="a*@gmail.com, however this returns all records. I guess I have to use a regex but my knowledge hasn't reached that level yet so I am struggling with this one.

Cheers

AB

Tags (1)
0 Karma
Reply

gopala
New Member
‎03-15-2016 08:13 AM

Is not working for me either.

I tried
index=my_index | regex my_field="^my*.value.com"

and it is not finding anything even I

Where it should match
my1.value.com
my2.value.com
my100.value.com
etc....

0 Karma
Reply

rsennett_splunk
Splunk Employee
Splunk Employee
‎07-03-2014 05:09 PM

other than the fact that you are missing a closing double quote in your example. That will work fine.
Is that a typo?

With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!
Reply

laithmurad
Path Finder
‎07-03-2014 05:05 PM

Hi AB,

Strange, I just tried you're search query emailaddress="a*@gmail.com" and it worked to filter emails that starts with an a, wildcards should work like you expected.

Alternatively use the regex command to filter you're results, for you're case just append this command to you're search.

| regex emailaddress="^a.*@gmail.com"

This will find all emails that starts with an "a" and ends with "@gmail.com"

Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...