Solved: Re: How do I return a search for a field that cont...

jbala1 · ‎10-14-2016

example:

If I have a list of user and I want to search and the users who only have a number in that field;

John_doe
John_doe1
Jane_doe
Jane_doe2

How do I return just the users with numbers associated to their field?

inventsekar · ‎10-14-2016

this regex will return all field "UserName" which are having a number.

 your base search | regex UserName="\w+\d"

tested this and its working fine -
to list all hosts which are having a digit/number in them -

index=_internal | regex host="\w+\d"

inventsekar · ‎10-14-2016

this regex will return all field "UserName" which are having a number.

 your base search | regex UserName="\w+\d"

tested this and its working fine -
to list all hosts which are having a digit/number in them -

index=_internal | regex host="\w+\d"

jbala1 · ‎10-14-2016

Thank you. That answer solved my problem.

cmerriman · ‎10-14-2016

how about

|eval userNumbers=match(userField,"\d")

that should give you a true/false of users with digits in their username and you can search from there.

How do I return a search for a field that contains a number?