Getting Data In

remove prefix on every events using SEDCMD

roopeshetty
Path Finder

Hi Guys

 

We are getting logs through syslog with its priority / facility data “ <14>1” prepended with every events as below;

 

 

<14>1 2024-01-18T13:45:06.621+0000 756565656565701b-cd27-475e-bab4-3e0e0893d273

<14>1 2024-01-18T13:39:47.014+0000 565gt5t54t-cd27-475e-bab4-565656565gh

 

roopeshetty_1-1705586279086.jpeg

 

 

We are trying to remove this prefix texts “<14>1” using SEDCMD  on props.conf as below;

 

[source::tcp:7514]

SEDCMD-strip-tcp-priority=s/^<\d+>//

 

This is doing almost very close help by removing “<14>” but still “1” is coming up in events. Can some one please help us how to remove this prefix “ <14>1” on every events using SEDCMD ?

 

 

Regards.

Labels (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust
SEDCMD-strip-tcp-priority=s/^<\d+>\d//

View solution in original post

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
SEDCMD-strip-tcp-priority=s/^<\d+>\d//
0 Karma

roopeshetty
Path Finder

Hi ITWhisperer,

 

Thanks, its almost done, but i see a space (gap) before the timestamp, how can we delete this space?

roopeshetty_1-1705587291332.png

 

 

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
SEDCMD-strip-tcp-priority=s/^<\d+>\d\s//

PickleRick
SplunkTrust
SplunkTrust

If you need to tweak your regexes, that's a great interactive tool to test them.

https://regex101.com/

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Data Management Digest – June 2026

Welcome to the June 2026 edition of Data Management Digest! This month’s update is short and sweet, with a ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...