Important Splunk commands

To list all the available indices and their source types

| tstats values(sourcetype) where index=* by index


To search the text whose length is greater than 30 characters

index={index-name} sourcetype={source-type} (gc_c={ISO-Code}) | eval searchtext_dec=urldecode(searchtext) | table searchtext_dec | where len(searchtext_dec) > 30


To filter with a regex after the where clause

index={index-name} sourcetype={source-type} (gc_c={ISO-Code}) | eval searchtext_dec=urldecode(searchtext) | table searchtext_dec | where len(searchtext_dec) > 30 | regex searchtext_dec!="[^\x00-\x7F]+"

This returns only the text strings made up entirely of English (ASCII) characters; any string containing a non-ASCII character is dropped.
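To check the length and regex filters without access to a real index, the same pipeline can be run over generated events. This is an added example, not part of the original post: the three URL-encoded strings are constructed sample data, and text_len and sample_origin are helper fields introduced here.

```spl
| makeresults count=1
| eval sample_origin="constructed test data, not real events"
| eval searchtext=split("cheap%20flights%20from%20london%20to%20new%20york%20in%20december|short%20query|caf%C3%A9%20near%20the%20central%20railway%20station%20in%20m%C3%BCnchen", "|")
| mvexpand searchtext
| eval searchtext_dec=urldecode(searchtext)
| eval text_len=len(searchtext_dec)
| where text_len > 30
| regex searchtext_dec!="[^\x00-\x7F]+"
| table searchtext_dec text_len
```

Only the first string survives: the second is shorter than 30 characters and is dropped by where, and the third decodes to text containing non-ASCII characters and is dropped by regex.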
