
create custom source type

Edmondi
Explorer

I'm having trouble understanding how to create custom fields for my application logs. My logs have the following fields:

Timestamp SourceIP Token HTTP.Method URL Query.String Post.Data User.Agent

  • Delimiter is the TAB character.
  • I need to discard SourceIP in the indexing process.
  • The Token is a 24-character string.
  • Depending on the HTTP method, Query.String and Post.Data are optional.

Can you please help me with a custom "pattern or regex" or "props.conf".

Thank you,
Edmond.

0 Karma
1 Solution

Edmondi
Explorer

Thanks Ayn.
I did see some general topics in other documents, but this type of explanation I didn't find. If I have further queries I will come back here :).

0 Karma

Edmondi
Explorer

GET method without Query.String:

2013-07-20 10:56:54,188 62.75.10.167 tQxfxrcFuj=kdjxmxuq.R5ka GET /root/index.html Mozilla/5.0 (Linux; Android

GET method with Query.String:

2013-07-20 10:57:14,764 62.75.10.167 tQxfxrcFu=Akdjxmx,qpR5ka GET /root/liquide.html language=en_US Mozilla/5.0 (Linux; Android

POST method:

2013-07-20 15:05:49,007 62.75.10.158 B52Je4k-XRCVPXm2JUzH8BZ3 POST /office/buy.html &tel_phone=123456789012&amount=123456&personal.token.name=personal.token&personal.token=ER6XEIF6JHLI620Y8KR3IZWSGF7IGCRZ Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaE71-1

Thanks

0 Karma
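Added example (not part of the original thread and not Splunk code): a small Python parser for the TAB-delimited layout described in the question, run over constructed lines modelled on the three samples above. The forum post collapsed the tabs to spaces, so the sample lines below are my reconstruction with real tabs, and they assume the fixed eight-column layout with Query.String and Post.Data left empty when absent; the parser also accepts a shorter layout that omits an absent column and assigns a lone middle field by method. It enforces the 24-character token, drops SourceIP before the line is handed to the indexer, and, going one step beyond the question, redacts form values whose key looks like a credential, because the POST sample carries a `personal.token` value that would otherwise be indexed in clear. The `SECRET_KEY_RE` pattern and the `REDACTED` marker are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed TAB-separated sample lines modelled on the three samples posted
# above (the forum post collapsed the tabs to spaces). The IPs, tokens and
# form values are not real. Layout: Timestamp, SourceIP, Token, HTTP.Method,
# URL, Query.String, Post.Data, User.Agent, with the optional columns empty
# when absent.
SAMPLES = [
    "2013-07-20 10:56:54,188\t62.75.10.167\ttQxfxrcFuj=kdjxmxuq.R5ka\tGET"
    "\t/root/index.html\t\t\tMozilla/5.0 (Linux; Android)",
    "2013-07-20 10:57:14,764\t62.75.10.167\ttQxfxrcFu=Akdjxmx,qpR5ka\tGET"
    "\t/root/liquide.html\tlanguage=en_US\t\tMozilla/5.0 (Linux; Android)",
    "2013-07-20 15:05:49,007\t62.75.10.158\tB52Je4k-XRCVPXm2JUzH8BZ3\tPOST"
    "\t/office/buy.html\t\t&tel_phone=123456789012&amount=123456"
    "&personal.token=ER6XEIF6JHLI620Y8KR3IZWSGF7IGCRZ\tMozilla/5.0 (SymbianOS/9.2; U)",
]

TOKEN_RE = re.compile(r"^\S{24}$")   # the question: token is a 24-character string
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}$")
# Assumption: form keys matching this are treated as secrets and redacted.
SECRET_KEY_RE = re.compile(r"token|passw", re.IGNORECASE)


@dataclass
class Record:
    timestamp: str
    source_ip: str
    token: str
    method: str
    url: str
    query_string: Optional[str]
    post_data: Optional[str]
    user_agent: str


def parse_line(line: str) -> Record:
    """Split one TAB-delimited line. The five leading fields and the trailing
    User.Agent are fixed; whatever lies between is Query.String and/or
    Post.Data. Two middle cells are taken positionally (empty -> None); a
    single middle cell is assigned by method (GET -> Query.String,
    anything else -> Post.Data); none means both are absent."""
    cols = line.rstrip("\r\n").split("\t")   # split on TAB only: User.Agent has spaces
    if len(cols) < 6:
        raise ValueError(f"expected at least 6 TAB-separated columns, got {len(cols)}")
    ts, ip, token, method, url = cols[:5]
    ua = cols[-1]
    middle = [c if c else None for c in cols[5:-1]]
    if not TS_RE.match(ts):
        raise ValueError(f"bad timestamp {ts!r}")
    if not TOKEN_RE.match(token):
        raise ValueError(f"token must be 24 non-blank characters, got {token!r}")
    if len(middle) == 2:
        qs, pd = middle
    elif len(middle) == 1:
        qs, pd = (middle[0], None) if method.upper() == "GET" else (None, middle[0])
    elif not middle:
        qs, pd = None, None
    else:
        raise ValueError(f"too many optional columns in line: {line!r}")
    return Record(ts, ip, token, method, url, qs, pd, ua)


def redact_form(data: Optional[str]) -> Optional[str]:
    """Replace the value of any form key that looks like a credential with a
    fixed marker, keeping the key so the event stays searchable."""
    if data is None:
        return None
    out = []
    for pair in data.split("&"):
        key, sep, val = pair.partition("=")
        if sep and SECRET_KEY_RE.search(key):
            val = "REDACTED"
        out.append(key + sep + val)
    return "&".join(out)


def to_index_line(rec: Record) -> str:
    """Rebuild the line for indexing: SourceIP dropped, secret-looking form
    values redacted, column count kept fixed so a positional extraction
    regex written for the indexed layout keeps working."""
    return "\t".join([
        rec.timestamp, rec.token, rec.method, rec.url,
        redact_form(rec.query_string) or "", redact_form(rec.post_data) or "",
        rec.user_agent,
    ])


def process(lines: List[str]) -> List[str]:
    return [to_index_line(parse_line(line)) for line in lines]


if __name__ == "__main__":
    for out in process(SAMPLES):
        print(out)
```

The same two operations map onto props.conf: the SourceIP drop is an index-time rewrite of `_raw`, which is what a `SEDCMD-<class> = s/.../.../` stanza does before the event is written, and the field split is a search-time `EXTRACT-<class>` regex with one named group per column (anchored on the tabs, never on spaces, since User.Agent contains spaces); the timestamp can be told to Splunk with `TIME_FORMAT = %Y-%m-%d %H:%M:%S,%3N`. Whatever form the index-time rule takes, test it against the POST case as well as the two GET cases, because that is the one where an empty Query.String shifts which column holds the form data.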