I am new to Splunk and would appreciate if anyone helps me on this. I would like to know the splunk query- for properties that have this log "not found in cache and enable, trying to return from" and NOT have "No content returned for" , this particular log These strings are on a different line

INFO - Service - Getting content=tItem for property=79551

INFO - Service - content=Item "not found in cache and enable, trying to return from",property=79551

INFO - Service - "Returning content from" resource=Item property=79551

INFO - Service - content=Item "not found in cache and is healthy, trying to return from",property=79551

INFO - Service - "No content returned for" property=79551, content=Item

sumarising once-more the condition include "not found in cache and enable, trying to return from" and exclude "No content returned for" need to have such properties as the final result.

Can someone kindly help me on this.

1 Answer

Excluding a string from search results is just a matter of using the NOT operator with the undesired string.

index=foo "not found in cache and enable, trying to return from" NOT "No content returned for"

4

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.