Reporting

Email strip

New Member

In my log file there is a uid/ email field. The splunk search should not display/ignore result if the email domain is for example google, yahoo. Splunk should display result associated with mydomain.

If thelog have ..... uid = myname@mydomain.com.......uid = myname@gmail.com...... uid= mail@yahoo.com..... uid = mail@aol.com......uid=null

The splunk search should spit out uid = myname@mydomain.com. How to do this? Help! help!

Tags (1)
0 Karma
1 Solution

Motivator

Hello

First, if you havent done it yet, you need to extract the email field. Using the regex command, for example:

..| regex "(?<email>[a-zA-Z0-9]+@[a-zA-Z0-9]+\.[a-zA-Z0-9]+)" | ...

Then you need to filter the results with

..| search email="*@mydomain.com" | ...

Regards

View solution in original post

Motivator

Hello

First, if you havent done it yet, you need to extract the email field. Using the regex command, for example:

..| regex "(?<email>[a-zA-Z0-9]+@[a-zA-Z0-9]+\.[a-zA-Z0-9]+)" | ...

Then you need to filter the results with

..| search email="*@mydomain.com" | ...

Regards

View solution in original post

New Member

Thanks for your regx to extract only the email. Your answer is perfect. But I asked the question differently. My bad. It helped.

But how do i use it in Dashboard? Do i need to have escape character for (?...

0 Karma