Splunk Search

How to query a string log value based on another string value?

jaj
Path Finder

How can I query for string1val but make sure that stringval2!=0?

I tried something like this but new to splunk.

source=*/thelog.log stringVal1=0 where stringVal2!=0 | stats count

Tags (2)
0 Karma
1 Solution

linu1988
Champion
source=*/thelog.log (stringVal1=0 AND stringVal2!=0) | stats count

View solution in original post

0 Karma

linu1988
Champion
source=*/thelog.log (stringVal1=0 AND stringVal2!=0) | stats count
0 Karma

somesoni2
SplunkTrust
SplunkTrust

Are you looking for a query to search for one string and ensure that other string is not found? If yes then try something like this

source=yoursource "string1Val" NOT "string2Val"

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...