All Apps and Add-ons

Splunk Add-on for ServiceNow: How to exclude logs where URL field values does not begin with a "/"?

Log_wrangler
Builder

Looking for a conf example and some advice on limiting API calls to not include events where a field contains or does not contain a certain value.

So my first question is:
When I configure ... /etc/apps/Splunk_TA_snow/local inputs.conf to "filter" will that discard events NOT containing the specified values from being indexed AND from the API call? I am thinking it should be filter_data = url="/*" to GET and index only events with a url that starts with "/"...

Can anyone share an example using the "Excluded properties" option excluding events with a field "url" (from [snow://syslog_transaction] where the value does not contain a url starting "/"?

Thank you

0 Karma
1 Solution

deepashri_123
Motivator
0 Karma

deepashri_123
Motivator
0 Karma

Log_wrangler
Builder

Thank you for the link, I was actually trying to use the snow ta conf only.

0 Karma

deepashri_123
Motivator

If that helped you can accept the answer 🙂

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.