Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- need to search for asterisk C asterisk in splunk
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
need to search for asterisk C asterisk in splunk
alexl1
Path Finder
05-21-2013
09:35 AM
hi, how do I search for asterisk C asterisk in splunk, in other words C
when I put that as the search criteria it returns all C's and things * is a wildcard. I tried backslash and double asterisk but those didn't work either. Thanks,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
linu1988
Champion
08-27-2014
08:10 AM
Hello,
Could you try this?
...|eval result=if(match(_raw," C "),"True","False")|...
OR
...|eval result=if(match(_raw,"\sC\s"),"True","False")|...
Thanks,
L
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
894859
Explorer
08-27-2014
07:53 AM
I use evals to search my * values as needed. As an example if you are searching against savedsearches, you will see the cron_schedule of a saved search which will most likely include asterisks. I would think this would also work in your situation:
| eval containsAsterisk=if(_raw LIKE "%C*%", "Yes", "No")
| search containsAsterisk=Yes
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mahlerrd
Explorer
05-21-2013
10:08 AM
Markup fixes: that's backslash asterisk C backslash asterisk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
alexl1
Path Finder
05-21-2013
11:01 AM
yeah tried that, didn't help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mahlerrd
Explorer
05-21-2013
10:07 AM
I don't have any asterisks to confirm with, but have you tried working it around like the following?
regex _raw="*"
I believe you'll want, specifically, "*C*" but I'm not a regex expert. 😞
I found this here http://splunk-base.splunk.com/answers/13442/how-do-i-search-for-the-character
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I_am_Jeff
Communicator
05-21-2013
11:46 AM
I found this. Might be helpful. "Search for * in log"
http://splunk-base.splunk.com/answers/34250/search-for-in-log
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
