Splunk® App for Fraud Analytics

User Guide

Interactive search panel visualization commands

Use the following table to match search fields:

You can use partial words for matching search fields. The pipe character "|" indicates "OR". The equal sign "=" indicates an exact match. The exclamation point "!" indicates NOT.


Search field Matches
chi Matches China, Chile, Czechia
chi∣spa Matches China, Chile, Czechia, Spain
chi∣=spa Matches China, Chile, Czechia, Spa (but not Spain)
adm Matches admin, administrator
=adm Matches admin (but not administrator)
!adm Matches anything BUT NOT any values containing "admin"
!=adm Matches anything BUT NOT exact value of "admin"
=gadmin Matches anything BUT NOT exact values of "admin" or "gadmin"
joe Matches anything BUT NOT exact values of "admin" or any values containing "joe" (case insensitive)
123.45.0.0/16 Matches IP addresses to CIDR mask
67.0.0.0/8 Matches IP addresses to multiple CIDR masks
199 Matches all numerical values greater than 199
>=400 <500 Matches all numerical values within 400 ... 499 range
Last modified on 20 October, 2022
Data model definitions   What's new in the Splunk App for Fraud Analytics

This documentation applies to the following versions of Splunk® App for Fraud Analytics: 1.1.3, 1.2.4


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters