...ave the same base. However, the domain matching appears to be strict and wildcards are not matching. For example, users may have emails like: a@temp.mydomain.com b@perm.mydomain...
...sing the below query to exclude 1st set of events. I have created WILDCARD(message) match_type
| lookup vtest message OUTPUT message as exclude_message
| search NOT (e...
Hello everyone, I'm a beginner in using Splunk. I'm facing an issue in finding a search solution for the following idea: I'm logging the deletion behavior of files, and I have whitelisted some import...
Hi, I'm trying to get wildcard lookups to work using the "lookup" function. I've followed guidance to set up the "Match Type" for the field in the lookup definition as per Define a CSV lookup in S...
Hello, I would like to obtain a list of all domains that did NOT match my lookup file, which is composed of wildcard domains. Here is an example: Lookup file domain *adobe.com* *perdu.com...
I have a search that uses some wildcards:
sourcetype="EPPWEB" source="/opt/log/*/web_server/info.log" WAT
| rex field=_raw "USER (?P<registrar>\[\d+-\w\w\]) downloading .*/(?<filename&g...
I need some help on the syntax of wildcards in the search. I have multiple servers and I don't want to keep using OR. For example I have "server01" through "server21" and I sometimes want to just p...
We are trying to filter out events from a Syslog server that is ingesting data for a number of sources but the one we are trying to filter is from our Meraki devices. Each Meraki is considered ...
...ound in the logs, but expected. The lookup has a lookup definition defined, so that FileName can contain wildcards, and this works for matching the wildcarded filename to existing events, with o...
I'm trying to set a boolean based on a match in a string.
I want to set a value to 1 if it does not match ingestion* and set it to 0 if it does match.
The following example shows the problem:
...