Hello all,
I am new to Splunk, so please excuse any gaps in my knowledge :).
I am trying to create customized alerts based on hostname filtering. The issue at hand can be described very simply: when creating any query for an alert condition, the results provide a return for all hosts meeting the criteria, but when I try to filter on a broader range (wildcards), I receive no results. The queries work when either providing a specific host or no host at all; wildcard hosts give no results.
index=* `alerting_filesystem_usage`
This gives the results in the first screenshot.
index=* `alerting_filesystem_usage` | where host='*72*'
This or any variation of the wildcard returns no results. Can someone please provide some guidance, as I cannot find any logic behind the behavior.
![alt text][1]
[1]: /storage/temp/274679-wildcard-host.png
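A worked comparison, added here and not part of the original post, of how the `where` command interprets the quoting and the wildcard in the query above, next to the forms of the same search that do pattern-match on `host`. It assumes the same `alerting_filesystem_usage` macro and the same `72` substring from the question; no other field names or values are taken from the poster's environment.

```spl
index=* `alerting_filesystem_usage` | where host='*72*'

index=* host=*72* `alerting_filesystem_usage`

index=* `alerting_filesystem_usage` | search host=*72*

index=* `alerting_filesystem_usage` | where like(host, "%72%")

index=* `alerting_filesystem_usage` | regex host="72"
```

The first line is the query from the question. In `where`, single quotes denote a field name rather than a string literal, so `host='*72*'` compares the `host` field with a field literally named `*72*`, which no event has; and even with double quotes, `=` inside `where` is an exact comparison and does not expand `*`, so the result is still empty. The second and third lines use the `search` syntax (as the base search or as a `| search` pipe), where `*` is a wildcard on field values; putting the `host=*72*` term in the base search is the usual choice for an alert, because the filter is then applied at index time rather than after every matching event has been retrieved. The fourth line is the `where` equivalent using `like()` with SQL-style `%` wildcards, and the fifth matches `host` against a regular expression, which is the option to reach for when the hostname pattern is more specific than a plain substring.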