...he wildcards aren't working, and I think it is because I am not using the definition. But even so, I can't wrap my head around the search.
| inputlookup pvs_source_list
| j...
...ble to search uri_method for multiple values with wildcard.
i.e. the following should be returned
www.example.com/v2/customers/* (HEAD)
example.co.uk/v1/orders/* (HEAD)
w...
I am using Splunk Cloud. I would like to use the lookup file to find out if there is an IP corresponding to the blacklist, but only 10.50.88.22 is hit.
[definition of lookup] WILDCARD (IP)
[C...
...ck-count*__ack_init .
So, what I wanted to do was something like
... | rename ack-count*__ack_init AS acks
But when I try that, I get the error
Error in 'rename' command: Wildcard m...
...xtracted as expected. Searching specific values also didn't help. Some fields did return results but only if you added wildcards: index=foo bar="*value" It was possible to find the events w...
I'll start with what works: If I do a search
ERROR host="foobar0*"
The wildcard(*) expands and I get a list of results with extracted 'host' fields with "foobar01", "foobar02", "foobar03", e...
...pt/log/dotorg/epp_server/epp_server.log
In the third segment of the directory path I want to insert a wildcard to say "any". All of the logs in this path will be sourcetype=EPP.
So I'm w...
I want to exclude both primary and secondary IP addresses from a search.
For example:
src_ip!=192.50.244.10 AND src_ip!=192.50.245.10
Can I combine the two by just using a wildcard in j...
I have a lookup named tc with a field indicator. I wanted to search that indicator field in my firewall sourcetype with wildcards as below.
[|inputlookup tc|dedup indicator|eval i...