I am looking for specific usernames in my data set that end in "a". What would the syntax be to search the username fields so that only usernames ending in "a" will appear? Is it even possible?
Assuming your username field is known as user
, the search would be something like index=<...> sourcetype=<...> user=*a | ...
You will need to share more information about your data and the search If your fields aren't being extracted correctly and a variation of what I proposed doesn't work.
Assuming your username field is known as user
, the search would be something like index=<...> sourcetype=<...> user=*a | ...
You will need to share more information about your data and the search If your fields aren't being extracted correctly and a variation of what I proposed doesn't work.