×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
sleepingKoala
Engager
Member since: ‎10-21-2021
‎10-22-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎10-21-2021
Activity Feed
View All

Re: Surrounding Search terms with quotes

by in Splunk Search
‎10-21-2021 11:54 AM
‎10-21-2021 11:54 AM
This was indeed the problem, the field name was categoryId (capital i) not categoryid so the search surrounded in quotations ignored case when searching. I didn't look closely because it was an autocomplete suggestion from the search assistant. I was under the impression it knew the field names. ... View more

Surrounding Search terms with quotes

by in Splunk Search
‎10-21-2021 10:59 AM
‎10-21-2021 10:59 AM
Hi all, new user here. I was getting started on the tutorial and using the start searching page that came up after adding the data successfully I'm seeing behaviour I don't understand. The search index="splunktutorial" source="tutorialdata.zip:*"  "categoryid=sports" returns results but index="splunktutorial" source="tutorialdata.zip:*" categoryid="sports" or index="splunktutorial" source="tutorialdata.zip:*" categoryid=sports don't return results. To be more confusing I added the condition  action=purchase  to the search that returned results and it worked as expected to return results where the action was "purchase". https://docs.splunk.com/Documentation/SCS/current/Search/Quotations The splunk documentation for quotation says all string literals must be in double quotes but gives no examples where the field has to be included. Both categoryid and action are classified as strings. Any help understanding what is going on would be appreciated. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-22-2021 12:35 AM
Karma given to
View All