Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Why do wildcards in the middle of a string produce...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ddrillic
Ultra Champion
12-18-2017
10:31 AM
The studying material says that -
-- Wildcards in the middle of a string produce inconsistent results.
Why is it?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
micahkemp
Champion
12-18-2017
11:50 AM
Check out the Splunk .conf talk by Martin Mueller:
https://conf.splunk.com/files/2017/slides/fields-indexed-tokens-and-you.pdf
Page 18 of 32.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
04-22-2020
06:44 PM
Here is Splunk's official word:
https://docs.splunk.com/Documentation/Splunk/latest/Search/Wildcards#Avoid_using_wildcards_in_the_mi...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
micahkemp
Champion
12-18-2017
11:50 AM
Check out the Splunk .conf talk by Martin Mueller:
https://conf.splunk.com/files/2017/slides/fields-indexed-tokens-and-you.pdf
Page 18 of 32.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nickhills
Ultra Champion
12-18-2017
12:03 PM
sounds like one for @martin_mueller to help with then 🙂
If my comment helps, please give it a thumbs up!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nickhills
Ultra Champion
12-18-2017
11:50 AM
I would say thats not correct at all.
String matching is very predictable, and I frequently match all kinds of things with *'s in the middle.
host=-uk--* matches LIVE-uk-web-02 perfectly.
Never had any problem with it.
Are you sure it didn't say "inefficient" - a query filled with wildcards is not as fast as something specifically defined
If my comment helps, please give it a thumbs up!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
12-18-2017
11:08 AM
From which documentation is this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ddrillic
Ultra Champion
12-18-2017
11:54 AM
From the *Splunk Fundamentals Part 2 (IOD) * course.
Get Updates on the Splunk Community!
Detecting Brute Force Account Takeover Fraud with Splunk
This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...
Buttercup Games: Further Dashboarding Techniques (Part 9)
This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Buttercup Games: Further Dashboarding Techniques (Part 8)
This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
