Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Wildcards in search

mdavis43
Path Finder
‎09-19-2013 09:09 AM

I need some help on the syntax of wildcards in the search. I have multiple servers and I don't want to keep using OR. For example I have "server01" through "server21" and I sometimes want to just pull out results for server3 through server6.

In Linux I can specify server0[3-6]. What is the Splunk equivalent?

Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-19-2013 09:38 AM

There is no equivalent in Splunk, sorry.

However, you can tag your servers. For example, if you tag a set of servers (server03 to server06) as "Singapore" then you could search

tag=Singapore

It's a great way to do a variety of shortcuts for searches. Also, tags can be shared so that everyone on your team can use them.

Here's a video on tags: http://www.splunk.com/view/SP-CAAAGYJ

The documentation is here

View solution in original post

Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎09-19-2013 09:49 AM

Lisa's answer is a good approach.

Another way to solve this in the search language is to use the regex command.

Note, the base search pulls all events BEFORE regex has a chance to filter results, so it is important to make the base search as specific as possible. An example using above requirements:

host=server0* | regex host="server0[3-6]"
Reply
Solved! Jump to solution

lguinn2
Legend
‎09-19-2013 10:00 AM

Good point. I use regex a lot.

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-19-2013 09:38 AM

There is no equivalent in Splunk, sorry.

However, you can tag your servers. For example, if you tag a set of servers (server03 to server06) as "Singapore" then you could search

tag=Singapore

It's a great way to do a variety of shortcuts for searches. Also, tags can be shared so that everyone on your team can use them.

Here's a video on tags: http://www.splunk.com/view/SP-CAAAGYJ

The documentation is here

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...