Splunk Substring Search

Splunk Enterprise and Splunk Cloud Platform power the Splunk Unified Security and Observability Platform and enable a wide range of custom applications in on-prem, cloud, and hybrid environments. Splunk is the key to enterprise resilience.

How should my Splunk query look for this extraction?

substr(<str>,<start>,<length>)

Description: This function returns a substring of a string, beginning at the start index.

Splunk captures, indexes, and correlates real-time data in a searchable container and produces graphs, alerts, dashboards and visualizations. There are string manipulation functions that provide ways to manipulate string values inside of a field.

I want to extract the substring with 4 digits after two dots; for the above example, it will be "ab1d".

Usage: The <str> argument can be the name of a string field or a string literal.

Any idea how I can search a string to check if it contains a specific substring?

Feb 6, 2025 · As @ITWhisperer points out, neither substring nor regex is the correct tool to extract information from structured data such as JSON.

Splunk helps correlate, capture, and index real-time data, from which it creates alerts, dashboards, and graphs.