Hi,
I'm struggling with doing a regex search.
I want to search the whole log files for credit card information. Since it's not necessarily in a field, I want to do it as a full search.
Unfortunately, I can't get Splunk to do even the easiest regex search.
For example:
index="ABC" regex _raw="INFO"
index="ABC" regex field=_raw "INFO"
The result is empty. INFO is in nearly every third _raw field.
It does not change when I exchange regex with rex.
I'm sure it's something very simple; unfortunately, I seem to be unable to find it.