I ran this search command, but the output shows all domain values.
i expect to get a domain filed that contains value ( google1,google123) only .
I use fuzzy search 2.0.5,splunk-sdk-python-1.6.5 and fuzzywuzzy-master
domain=* |fuzzy wordlist="google" compare_field="domain"
Assuming the domain field is not multivalue, the output from the app will contain two main fields:
The compare field is split up based on the provided value to option "delims" and each result is measured against the provided wordlist. Key things to keep in mind, particularly for multivalues:
This would probably be a nice feature to have so I'll fit it into the next release. Here are some examples to help highlight command usage.
Example 1:
Example 2:
Hope this helps.