Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Wildcard search on non-existent field search

cclva
Explorer
‎05-05-2021 12:23 PM

I have a generic search that I am using to display data for a handful of applications, which look something like this:

index=$index$ application=$app_name$ fieldA=$searchA$ fieldB=$searchB$

 

However, one of my applications do not have a `fieldA`. Therefore,  if I was to preform a search using my dashboard, this would resolve to:

index=myIndex application=application1 fieldA=* fieldB=*

 Because `fieldA` does not exist in `application1`, the search fails, and I get nothing back. 

Is there a way to resolve search criteria for fields that do not exist?

Labels (1)
Labels
0 Karma
Reply

sravankaripe
Communicator
‎05-05-2021 01:10 PM 
index=myIndex application=application1 (fieldA=* OR fieldB=*)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...