Splunk Search

is * supported?

riderofyamaha
Explorer

Is the wildcard search star * supported by logs in splunk? Im trying to see if splunk is seeing changes being made in log files..

Tags (1)
0 Karma

simuvid
Splunk Employee
Splunk Employee

Splunk supports the asterisk (*) wildcard for searching. Searching for * by itself means "match all" and returns all events. Searching for * as part of a word matches based on that word: for example fail* matches fail, failure, and failures. See also:

http://www.splunk.com/base/Documentation/4.1.3/User/Startsearchingtutorial#Search_with_wildcards

I am not sure which changes you try to identify, but you can use fschange to detect chages in files.

See also:

http://www.splunk.com/base/Documentation/4.1.3/Admin/Monitorchangestoyourfilesystem

Hope that answers your question?

Cheers,

Christian

riderofyamaha
Explorer

yeah, that helps, thanks alot

0 Karma

Lowell
Super Champion

BTW, searching for a literal '' in your search is not currently supported (unless you disable '' as a wildcard)

Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...