topic Re: How to Use Regex and filter out the GET logs in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-to-Use-Regex-and-filter-out-the-GET-logs/m-p/374981#M160468 <P>This regex string matches your sample data set. It's hardcoded for the three IP addresses you gave. If the real address is larger, the regex may become unmanageable.</P> <PRE><CODE>GET\s\/\s-\s80\s-\s10\.228\.(?:9\.1|23\.241|23\.242) </CODE></PRE> Fri, 30 Jun 2017 15:32:58 GMT richgalloway 2017-06-30T15:32:58Z How to Use Regex and filter out the GET logs https://community.splunk.com/t5/Splunk-Search/How-to-Use-Regex-and-filter-out-the-GET-logs/m-p/374979#M160466 <P>Hi ,</P> <P>We want to filter the data using REGEX in props.conf and tansforms.conf but still the data is coming into Splunk. We have tried few methods but still logs are reaching splunk so kindly help on this request.</P> Fri, 30 Jun 2017 13:46:02 GMT https://community.splunk.com/t5/Splunk-Search/How-to-Use-Regex-and-filter-out-the-GET-logs/m-p/374979#M160466 anandhalagarasa 2017-06-30T13:46:02Z Re: How to Use Regex and filter out the GET logs https://community.splunk.com/t5/Splunk-Search/How-to-Use-Regex-and-filter-out-the-GET-logs/m-p/374980#M160467 <P>Do this:<BR /> <A href="http://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Forwarding/Routeandfilterdatad#Filter_event_data_and_send_to_queues">http://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Forwarding/Routeandfilterdatad#Filter_event_data_and_send_to_queues</A><BR /> If you are doing this, show us your settings.</P> Fri, 30 Jun 2017 15:31:54 GMT https://community.splunk.com/t5/Splunk-Search/How-to-Use-Regex-and-filter-out-the-GET-logs/m-p/374980#M160467 woodcock 2017-06-30T15:31:54Z Re: How to Use Regex and filter out the GET logs https://community.splunk.com/t5/Splunk-Search/How-to-Use-Regex-and-filter-out-the-GET-logs/m-p/374981#M160468 <P>This regex string matches your sample data set. It's hardcoded for the three IP addresses you gave. If the real address is larger, the regex may become unmanageable.</P> <PRE><CODE>GET\s\/\s-\s80\s-\s10\.228\.(?:9\.1|23\.241|23\.242) </CODE></PRE> Fri, 30 Jun 2017 15:32:58 GMT https://community.splunk.com/t5/Splunk-Search/How-to-Use-Regex-and-filter-out-the-GET-logs/m-p/374981#M160468 richgalloway 2017-06-30T15:32:58Z Re: How to Use Regex and filter out the GET logs https://community.splunk.com/t5/Splunk-Search/How-to-Use-Regex-and-filter-out-the-GET-logs/m-p/374982#M160469 <P>It is in the documentation here:</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/6.6.1/Forwarding/Routeandfilterdatad#Filter_event_data_and_send_to_queues">http://docs.splunk.com/Documentation/Splunk/6.6.1/Forwarding/Routeandfilterdatad#Filter_event_data_and_send_to_queues</A></P> Mon, 03 Jul 2017 14:54:26 GMT https://community.splunk.com/t5/Splunk-Search/How-to-Use-Regex-and-filter-out-the-GET-logs/m-p/374982#M160469 woodcock 2017-07-03T14:54:26Z