Re: Search a word not indexed

simisreedharan · ‎03-02-2019

Suppose i search for a word that is not indexed by splunk, whether those logs which contain that word will be returned during search?

MousumiChowdhur · ‎03-02-2019

Hi @simisreedharan,

Yes, if your log contains that keyword it will be returned during the search. Can you elaborate more on your requirement or use case?

Thank You!

simisreedharan · ‎03-03-2019

Thanks for the reply. I just started learning splunk. So this question arose in my mind. So thought of asking.

DavidHourani · ‎03-02-2019

Hi @simisreedharan,

Could you please clarify your question ?

If data is not indexed by Splunk you cannot search it. If you mean to ask about searching for a word that is not extracted as a field then the answer is yes it is possible. You simply run your search as follows :

index=yourIndex "yourWordHere"

That will return any events that contain the word you are searching for.

Cheers,
David

simisreedharan · ‎03-03-2019

Thanks for the answer.

DavidHourani · ‎03-03-2019

you're most welcome ! please accept if it helped 😉

Search a word not indexed

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases