Splunk Search

exact phrase with wild cards

user93
Communicator

I want to search an exact phrase, but surronded by wildcards. I want to be able to do this with and without specifying the field.

&
|
|search "help me"

What am I doing wrong? I do I get Splunk to accept space as a character within a phrase?

Tags (2)
0 Karma
1 Solution

gcusello
Legend

Hi @user93,
you can do something like this:

your_search "*help me*"
| ...

or

your_search my_field="*help me*"
| ...

but remember that using wildcards, you haven't a quick search especially without fields.

Anyway, you can use spaces inside quotes as a normal char, if instead you don't use quotes, space is a separator.

Ciao.
Giuseppe

View solution in original post

0 Karma

gcusello
Legend

Hi @user93,
you can do something like this:

your_search "*help me*"
| ...

or

your_search my_field="*help me*"
| ...

but remember that using wildcards, you haven't a quick search especially without fields.

Anyway, you can use spaces inside quotes as a normal char, if instead you don't use quotes, space is a separator.

Ciao.
Giuseppe

0 Karma

user93
Communicator

Thank you Ciao!

0 Karma
Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...