Re: I need to extract below email body into separa...

abi2023 · ‎04-20-2023

Below I listed How I received my info. I want OS as field and "Android Server 2019" field value. similar for all .

OS: Android Server 2019
Time: Mar. 31, 2014 12:35:55 AM EDT (Mar. 31, 2014 04:35 AM UTC)
Host: Demohost1
Number: VMware-00 00 a0 c0 d0 ed 05 df-0r 0c 00 00 00 11 3p 0
Host ID: 65456zDasdsA4+64+ADSD66S
Local IP: XX.XXX.XXX.XXX
Username: fakeuser1547
Command Line: xadwd \\fdsffd\w$\vfddd\fdfdsz<fxvx://cvfvxcv/w$/vcxzvxcv/vxvcx> D:\SADSSDF /b /SZCZXC /fed /R /GJGKL:DDV /W:87 /Q:90
action info: "C:\Windows\system32\cmd.exe"
Action: HFDSHFSA SYDFYUSDFI GUIDFGIUSG dEMO ACTION has been detected.
Action Taken: demoand, usual action
Associated Value: 67A1790DCA55B8803AD024EE28F616A284DF5DD7B8BA5F68B4B252A5E925AF79"); (hash_sha256 on file_write)
intersted file: syagdisg\hdisahiuhds\hsihisdaf\fbkjdsbfa\hjdjsab\
URL: Falcon Link<https://demourl.com/e3/__https://hdsudh.ndsjnds.bdjsabd.outlook.com/?url=httpsfgfdjkbdbfbfs;dfbabsjd... cxvbdiufbduifbdfubbd8jknnd890jndnfd8nbjnbfjdf9jnfd88bfjdfbn90dhfdjnkfd980bfdjbfd0bfdjkfb8bjkdsbfjdbf9ibfdsjubf0nbjfdknbsf09nbsdifbnd89*nvkjdnbfd99JKBNDS9NKSNKJ9njknbdikjs9NKJNJK9nkmnksa0jcjisnbidhcdsi0>
Demo Action Teken: Has not sdwewdn wdnw
Verual hash: Hash value is provided as empty

woodcock · ‎04-21-2023

Save this as a field extraction against your sourcetype and you will have EVERYTHING!!!!
[\r\n]|^(?<_KEY_1>[^:]+):\s(?<_VAL_1>[^\r\n]+)

abi2023 · ‎04-24-2023

Where do I add this in source type. event breaks or Advance.

How to extract below email body into separate fields?

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?