Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Wildcards in search

mdavis43
Path Finder
‎09-19-2013 09:09 AM

I need some help on the syntax of wildcards in the search. I have multiple servers and I don't want to keep using OR. For example I have "server01" through "server21" and I sometimes want to just pull out results for server3 through server6.

In Linux I can specify server0[3-6]. What is the Splunk equivalent?

Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-19-2013 09:38 AM

There is no equivalent in Splunk, sorry.

However, you can tag your servers. For example, if you tag a set of servers (server03 to server06) as "Singapore" then you could search

tag=Singapore

It's a great way to do a variety of shortcuts for searches. Also, tags can be shared so that everyone on your team can use them.

Here's a video on tags: http://www.splunk.com/view/SP-CAAAGYJ

The documentation is here

View solution in original post

Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎09-19-2013 09:49 AM

Lisa's answer is a good approach.

Another way to solve this in the search language is to use the regex command.

Note, the base search pulls all events BEFORE regex has a chance to filter results, so it is important to make the base search as specific as possible. An example using above requirements:

host=server0* | regex host="server0[3-6]"
Reply
Solved! Jump to solution

lguinn2
Legend
‎09-19-2013 10:00 AM

Good point. I use regex a lot.

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-19-2013 09:38 AM

There is no equivalent in Splunk, sorry.

However, you can tag your servers. For example, if you tag a set of servers (server03 to server06) as "Singapore" then you could search

tag=Singapore

It's a great way to do a variety of shortcuts for searches. Also, tags can be shared so that everyone on your team can use them.

Here's a video on tags: http://www.splunk.com/view/SP-CAAAGYJ

The documentation is here

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...