Splunk查询不包含文本的匹配行

Question

要查找包含“ gen-application”的日志记录行，请使用以下搜索查询：

source="general-access.log" "*gen-application*"

如何修改查询，以便返回不包含“ gen-application”的行？

source =“ general-access.log”！=“” gen-application “返回错误：

Error in 'search' command: Unable to parse the search: Comparator '!=' has an invalid term on the left hand side: 

Answer 1

我将使用const routes: Routes = [ { path: '', redirectTo: 'items', pathMatch: 'full' }, { path: 'items', children: [ { path: '', loadChildren: './items/items.module#ItemsPageModule' }, { path: 'address', loadChildren: './items/address/address.module#AddressPageModule' }, ] } ]; 运算符。

NOT

请记住，Splunk也支持source="general-access.log" NOT "*gen-application" 和AND。