Can someone help explain why "partial" search doesn't work for me?
It's an ASA syslog... when I search for a full syslog event "%ASA-4-713903" it finds it, when i search "%ASA-4-" the "%ASA-4-713903" is among the results, but when I search ""%ASA-4-71390" it finds nothing.
Thanks!
Add an asterisk to the end:
"%ASA-4-71390*"
I does full words only if you don't add the asterisk.
Thanks for both answers!
Hey @ptur, if @somesoni2 or @cpetterborg solved your problem, please don't forget to accept an answer! You can upvote posts as well. (Karma points will be awarded for either action.) Happy Splunking!
For understand that behavior, you need to understand how Splunk stores the data in Splunk for text based searching. The phenomenon I'm referring to is 'Event Segmentation' and you can find all you need here:http://docs.splunk.com/Documentation/Splunk/6.6.2/Data/Abouteventsegmentation
Add an asterisk to the end:
"%ASA-4-71390*"
I does full words only if you don't add the asterisk.