This is an old thread, but maybe someone gets some help from this. It looks like you can't search in the _raw record of the data; however, it is possible to filter on host or some of the other fields created at index time. If you look in a non-filtered CSV you will see the syntax for host. The filter for export_search would then be 'host::<hostname>'. Note that exporttool is unsupported, so a better alternative may be ./splunk export, which may filter on other terms.