To find logging lines that contain "gen-application" I use this search query :
source="general-access.log" "*gen-application*"
How to amend the query such that lines that do not contain "gen-application" are returned ?
source="general-access.log" != "gen-application" returns error :
Error in 'search' command: Unable to parse the search: Comparator '!=' has an invalid term on the left hand side:
I would use the NOT operator.
source="general-access.log" NOT "*gen-application"
Keep in mind that Splunk also has support for AND and OR.