The following are examples for using the SPL2 search command. To learn more about the search command, see How the search command works.

This example shows field-value pair matching for specific values of source IP (src) and destination IP (dst).

This example shows field-value pair matching with boolean and comparison operators. This example searches for events with code values of either 10, 29, or 43 and any host that is not "localhost", and an xqp value that is greater than 5.

| search (code=10 OR code=29 OR code=43) host!="localhost" xqp>5

An alternative is to use the IN operator, because you are specifying multiple field-value pairs on the same field.

4. This example shows field-value pair matching with wildcards. This example searches for events from all of the web servers that have an HTTP client and server error status.

| search host=webserver* (status=4* OR status=5*)

An alternative is to use the IN operator, because you are specifying two field-value pairs on the same field.

| search host=webserver* status IN(4*, 5*)

5. This example shows how to use the IN operator to specify a list of field-value pair matches. In the events from an access.log file, search the action field for the values addtocart or purchase.

| search sourcetype=access_combined_wcookie action IN (addtocart, purchase)

Searching with the boolean "NOT" comparison operator is not the same as using the "!=" comparison. The following search returns everything except fieldA="value2", including all other fields. The following search returns events where fieldA exists and does not have the value "value2". If you use a wildcard for the value, NOT fieldA=* returns events where fieldA is null or undefined, and fieldA!=* never returns any events.

Transactions have three separate END states: SUCCESS: The transaction was stopped normally through a transactionStop API call. CANCEL: The transaction was cancelled; the API requires a reason for cancelling a transaction. FAIL: Active transactions are automatically failed when an exception crashes the application.

search: String. Response filter, where the response field values are matched against this search expression.

Field Description. url: The URL at which the matching search result is located. category: The category that the search result belongs to.

Perform Create-Read-Update-Delete (CRUD) operations on individual records using the Splunk REST API and lookups using the Splunk search processing language. Define a set of typed fields for your data. Apply role-based access to control which users are allowed to access and manage data. Access key-value data across your search head cluster.

In the Name field, enter a name for the token. (Optional) In the Description field, enter a description for the input. (Optional) In the Source name override field, enter a source name for events that this input generates.