Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I use regex to list a table?

jacknguyen
Path Finder
‎04-04-2023 12:28 AM

I have a event like this:
image.png

I want to list a table following CLIENT_LIST. For example:

ip_vpn            name_vpn       time_vpn

10.10.0.20    louis_tran        Tue Apr 4 9:21:41 2023

10.0.0.21       wanki_trinh    Tue Apr 4 9:15:02 2023

---------------------

Anyone have any idea

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-04-2023 12:55 AM

ITWhisperer_0-1680594933653.png

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎04-04-2023 06:44 PM

the table show nothing image.png

Reply
Solved! Jump to solution

bowesmana
SplunkTrust
SplunkTrust
‎04-04-2023 08:52 PM

You have a space in your rex statement after CLIENT_LIST,

You should have

CLIENT_LIST,(?<

you have

CLIENT_LIST, (?<
0 Karma
Reply
Solved! Jump to solution

jacknguyen
Path Finder
‎04-04-2023 09:54 PM

it works. thank you. How ever the table like this: 

image.png

And I just want splunk show the latest event and mvexpand it like this:

I try to use ||stats latest but its not working. Do you know how to do this

image.png

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-04-2023 12:55 AM

ITWhisperer_0-1680594933653.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...