Splunk Search

How to search a range of numbers?

n179911
New Member

In Splunk, how can I search for a range of numbers (e.g. from "Test213" to "Test220")?

I tried "test2[13-20]" or "test2(13-20)" but it does not work.

Any idea?

0 Karma

somesoni2
SplunkTrust

The base search (before the first pipe) doesn't support regular expressions as a filter. If you're looking for a string with a range of numbers in raw data OR in a field, use regex instead, like this:

your base search | regex _raw=".*Test2((1[3-9])|20).*"

OR

your base search | regex yourfield="Test2((1[3-9])|20)"

ddrillic
Ultra Champion

  basesearch
  | eval test="Test213"
  | rex field=test "Test(?<test_num>\d\d\d).*"

Seems to work...

0 Karma

ddrillic
Ultra Champion

A little better -

  basesearch
  | eval test="Test2130"
  | rex field=test "Test(?<test_num>(\d).*)"

sundareshr
Legend

Try this "Test2(1[3456789]|20)"

0 Karma
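Added example, not part of any post above: a Python check of the range pattern from the thread against constructed values, showing that an unanchored filter also keeps a longer token such as Test2130 and that a numeric comparison on the extracted digits does not. Python's `re` module stands in for Splunk's regex engine, and `SAMPLES`, `WANTED`, `is_valid_regex`, `hits` and `numeric_range` are names assumed for this illustration.

```python
import re

# Constructed sample values (not from the thread): Test205..Test230 plus a
# longer token, Test2130, that merely starts with an in-range value.
SAMPLES = [f"Test{n}" for n in range(205, 231)] + ["Test2130"]
WANTED = {f"Test{n}" for n in range(213, 221)}  # Test213..Test220


def is_valid_regex(pattern):
    """True if the pattern compiles at all."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def hits(pattern, anchored=False):
    """Samples kept by an unanchored regex filter; assumed to mirror how
    `| regex field="..."` keeps any value containing a match."""
    rx = re.compile(f"^(?:{pattern})$" if anchored else pattern)
    return {s for s in SAMPLES if rx.search(s)}


def numeric_range(lo, hi):
    """Extract the digits after 'Test' and compare them as integers,
    the equivalent of a rex extraction followed by a numeric comparison."""
    rx = re.compile(r"^Test(\d+)$")
    kept = set()
    for s in SAMPLES:
        m = rx.match(s)
        if m and lo <= int(m.group(1)) <= hi:
            kept.add(s)
    return kept


if __name__ == "__main__":
    thread_pattern = r"Test2((1[3-9])|20)"
    print("valid [13-20]?    ", is_valid_regex(r"test2[13-20]"))
    print("extra, unanchored:", sorted(hits(thread_pattern) - WANTED))
    print("extra, anchored:  ", sorted(hits(thread_pattern, anchored=True) - WANTED))
    print("numeric == wanted:", numeric_range(213, 220) == WANTED)
```

If longer tokens like Test2130 can appear in the data, anchor the pattern or extract the number and compare it numerically.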