Reporting

Hmail Logfile Help

jkat54
SplunkTrust
SplunkTrust

Hi,

I need to take this type of one line log entries and format them

"SMTPD" 2056 32922 "2012-07-24 13:01:00.097" "172.0.0.1" "SENT: 220 blah.com ESMTP"

I think those are tabs.

I want splunk to create table with the following fields/columns anytime an eventsource="SMTP"
FIELDS = Type,Number,MSG_ID,Date,IP,Message

I tried putting this in props.conf
[smtp]
DELIMS = "/t"
FIELDS = Type,Number,MSG_ID,Date,IP,MSG

This is a windows installation.

Tags (2)
0 Karma
1 Solution

Ayn
Legend

The direction of your slash is wrong. It should be a backslash, not a forward slash.

Also, these settings go as a transform in transforms.conf. This transform is then referred to from props.conf. Something like this.

props.conf:

[smtp]
REPORT-smtp = getsmtpfields

transforms.conf:

[getsmtpfields]
DELIMS = "\t"
FIELDS = Type,Number,MSG_ID,Date,IP,MSG

View solution in original post

Ayn
Legend

The direction of your slash is wrong. It should be a backslash, not a forward slash.

Also, these settings go as a transform in transforms.conf. This transform is then referred to from props.conf. Something like this.

props.conf:

[smtp]
REPORT-smtp = getsmtpfields

transforms.conf:

[getsmtpfields]
DELIMS = "\t"
FIELDS = Type,Number,MSG_ID,Date,IP,MSG

jkat54
SplunkTrust
SplunkTrust

Just to add to this, i still had to add the table command to my search "table Type,Number,MSG_ID,Date,IP,MSG" and then i got exactly what I was looking for. Couldnt have done it without Ayn though. Thanks Ayn!

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...