cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ammannpa
New Member
Member since: ‎03-26-2013
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-26-2013
Activity Feed
Topics I've Started
View All

Search with placeholder

by in Splunk Search
‎03-26-2013 03:11 AM
‎03-26-2013 03:11 AM
I would like to filter the following messages in a way that i would get only the events where "DISK "?" Status : Online, Spun Up" AND "DISK "?" State : Warning" does match. The problem is that the placeholder "?" should be the same Number. Therefore the search should only return the DISK 3 Error but not the DISK 4 one. Since the Index of the DISK could have different Numbers, i have to work with a placeholder but i don't know how. 2013-03-23 04:00:26 h0000.domain.org [1.1.1.1]: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1364007626) 157 days, 20:54:36.26 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.393.3.9.1.8 SNMPv2-SMI::enterprises.393.3.9.1.8 = STRING: "DISK 3 Slot Number : 2.DISK 3 Enclosure ID : 8.DISK 3 Status : Online, Spun Up.DISK 3 Serial Number : 52888162g8hgt28927gst SN12.DISK 3 Capacity : 1.819 TB .DISK 3 State : Warning.DISK 3 Type : SATA.DISK 3 Foreign state : None.DISK 3 ErrorStatus : 3..DISK 4 Slot Number : 3.DISK 4 Enclosure ID : 8.DISK 4 Status : Unconfigured(good).DISK 4 Serial Number : 73HGSU7623h3482jdu2b SN12.DISK 4 Capacity : 1.819 TB .DISK 4 State : Warning.DISK 4 Type : SATA.DISK 4 Foreign state : None.DISK 4 ErrorStatus : 3.." SNMPv2-SMI::enterprises.393.3.9.1.1 = STRING: "host01" ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM