Below are ClamAV logs. I would like to create two new fields.
One called: log_level
One called: message
log_level would be a capture group where the word "WARNING:" is. Sometimes this word will be ERROR or INFO; it's contingent.
message would be a capture group where "Can't open file /etc/rsyslog.conf.broken: Permission denied" is.
More so than the answer, I'd like an understanding of the regex, so in your answer, if you could please break down the regex so I can learn, I'd truly appreciate it.
-------------------------------------------------------------------------------
WARNING: Can't open file /etc/rsyslog.conf.broken: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_buu1Z0: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_P1SWCK: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_pD4Mt4: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200021_ow7PXV: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600429_vx2xUp: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_QYox3k: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_0fEYYI: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600101_tfBE1x: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200026_aPhSxB: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1532.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1599.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1695.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1517.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1602.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1593.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1592.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1727.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1526.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1770.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1513.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1686.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1588.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1607.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1605.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1636.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1698.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1603.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1785.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1617.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1606.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1742.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1585.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1519.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1623.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1708.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1590.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1531.log: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_Myl0Qe: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_Y8YTvr: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_Svzf6O: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_QvgHg4: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200003_aWcbM9: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_eBGT5M: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200007_cPewso: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600099_vJnQRX: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200019_1cSMBo: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_RvJuPw: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600106_bhzQNt: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_BHjkuK: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200001_02GigF: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_8rXTya: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600286_wkk2hw: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200037_PR0YIo: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200030_n0sXYf: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_egUWcm: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_SER8kV: Permission denied
WARNING: Can't open file /tmp/tmp.XIvDgFrUAn: Permission denied
WARNING: Can't open file /tmp/EPEL6-GPG-KEY: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200013_qujiN0: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_g40tLJ: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600427_BuOUej: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_OpGADN: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_jbilyY: Permission denied
WARNING: Can't open file /tmp/krb5cc_888700729_110ApX: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200028_4tocVD: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600042_em0uAD: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_qjdnTq: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600043_Pyb8Hf: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600111_CtZB8x: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_HpqDys: Permission denied
WARNING: Can't open file /opt/splunk-6.4.0-f2c836328108-linux-2.6-x86_64.rpm: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 5995098
Engine version: 0.99.2
Scanned directories: 6366
Scanned files: 41938
Infected files: 0
Total errors: 83
Data scanned: 3329.70 MB
Data read: 4610.58 MB (ratio 0.72:1)
Time: 4296.029 sec (71 m 36 s)
-------------------------------------------------------------------------------
WARNING: Can't open file /etc/rsyslog.conf.broken: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_buu1Z0: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200001_n3Udh3: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_P1SWCK: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_pD4Mt4: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600429_vx2xUp: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_QYox3k: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200046_tG4INP: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_0fEYYI: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200071_HSWmZ6: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600101_tfBE1x: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1532.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1599.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1695.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1517.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1594.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1595.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1602.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1580.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1593.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1592.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1526.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1513.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1686.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1588.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1607.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1605.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1589.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1636.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1698.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1603.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1617.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1606.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1604.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1584.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1585.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1519.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1623.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1708.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1590.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1531.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1608.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1610.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1598.log: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_Myl0Qe: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_Y8YTvr: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_Svzf6O: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_QvgHg4: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200028_dJudKj: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_eBGT5M: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200012_QHbp0P: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200003_3gLmvy: Permission denied
WARNING: Can't open file /tmp/tmp.z1NhS7Cf1p: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600099_vJnQRX: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200016_ZuL9m4: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200048_CG4mxR: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200019_1cSMBo: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200037_FH62Pc: Permission denied
WARNING: Can't open file /tmp/tmp.a9xsZutIWq: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_RvJuPw: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600106_bhzQNt: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_BHjkuK: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_8rXTya: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600286_wkk2hw: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200030_n0sXYf: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_egUWcm: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_SER8kV: Permission denied
WARNING: Can't open file /tmp/tmp.XIvDgFrUAn: Permission denied
WARNING: Can't open file /tmp/EPEL6-GPG-KEY: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200013_qujiN0: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_g40tLJ: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600427_BuOUej: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_OpGADN: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_jbilyY: Permission denied
WARNING: Can't open file /tmp/krb5cc_888700729_110ApX: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200051_5IDsNl: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600042_em0uAD: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200049_70bzRj: Permission denied
WARNING: Can't open file /tmp/tmp.E4AJCzpOIr: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200007_R3pBFi: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_qjdnTq: Permission denied
WARNING: Can't open file /tmp/tmp.nEx5K1P19V: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600043_Pyb8Hf: Permission denied
WARNING: Can't open file /tmp/tmp.3xu23Z8tDj: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600111_CtZB8x: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_HpqDys: Permission denied
WARNING: Can't open file /opt/splunk-6.4.0-f2c836328108-linux-2.6-x86_64.rpm: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 6319346
Engine version: 0.99.2
Scanned directories: 7233
Scanned files: 45947
Infected files: 0
Total errors: 100
Data scanned: 3594.28 MB
Data read: 4821.47 MB (ratio 0.75:1)
Time: 485.906 sec (8 m 5 s)
-------------------------------------------------------------------------------
WARNING: Can't open file /etc/rsyslog.conf.broken: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200048_SKap8h: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_buu1Z0: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_P1SWCK: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_pD4Mt4: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200071_e3US5K: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200021_IfCsp4: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600429_vx2xUp: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_QYox3k: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200046_tG4INP: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_0fEYYI: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600101_tfBE1x: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1587.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1599.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1594.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1595.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1602.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1580.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1593.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1592.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1566.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1578.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1611.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1588.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1607.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1605.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1589.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1603.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1583.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1596.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1606.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1604.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1584.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1582.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1620.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1585.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1623.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1590.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1577.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1608.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1610.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1598.log: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1591.log: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_Myl0Qe: Permission denied
WARNING: Can't open file /tmp/tmp.0qPyyvkhIw: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_Y8YTvr: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_Svzf6O: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_QvgHg4: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200028_dJudKj: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_eBGT5M: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200012_QHbp0P: Permission denied
WARNING: Can't open file /tmp/tmp.z1NhS7Cf1p: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600099_vJnQRX: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200019_1cSMBo: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200065_NZfYE4: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200037_FH62Pc: Permission denied
WARNING: Can't open file /tmp/tmp.a9xsZutIWq: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200003_Ysuwzs: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_RvJuPw: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600106_bhzQNt: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_BHjkuK: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_8rXTya: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600286_wkk2hw: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200030_n0sXYf: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200001_VezxBM: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_egUWcm: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_SER8kV: Permission denied
WARNING: Can't open file /tmp/tmp.XIvDgFrUAn: Permission denied
WARNING: Can't open file /tmp/EPEL6-GPG-KEY: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200013_qujiN0: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_g40tLJ: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200049_zrBoRF: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600427_BuOUej: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200051_5uiGLr: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_OpGADN: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_jbilyY: Permission denied
WARNING: Can't open file /tmp/krb5cc_888700729_110ApX: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200047_iM0nZM: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600042_em0uAD: Permission denied
WARNING: Can't open file /tmp/tmp.E4AJCzpOIr: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200007_R3pBFi: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_qjdnTq: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200016_7hh0tc: Permission denied
WARNING: Can't open file /tmp/tmp.nEx5K1P19V: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600043_Pyb8Hf: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200062_Y3tkcC: Permission denied
WARNING: Can't open file /tmp/tmp.3xu23Z8tDj: Permission denied
WARNING: Can't open file /tmp/tmp.KgPSpEWZwR: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600111_CtZB8x: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_HpqDys: Permission denied
WARNING: Can't open file /tmp/krb5cc_1846200067_xWpi42: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 6319470
Engine version: 0.99.4
Scanned directories: 8003
Scanned files: 47590
Infected files: 0
Total errors: 105
Data scanned: 4118.82 MB
Data read: 5005.36 MB (ratio 0.82:1)
Time: 556.020 sec (9 m 16 s)
Check out the ClamAV TA (https://splunkbase.splunk.com/app/3619/). It should do the field extractions for you.
This regex should do the job. It looks for one of the log levels and extracts it into the 'log_level' field then takes everything after the following colon and puts it in the 'message' field.
(?<log_level>WARNING|ERROR|INFO): (?<message>.*)
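
A piece-by-piece breakdown of the regex in the answer above, as an added example that is not part of the original answer. It is written in Python, which spells named groups `(?P<name>...)` instead of `(?<name>...)`. The `^` anchor, the second pattern `CANT_OPEN_RE`, the function names and the constructed sample lines (including the clamscan-style `FOUND` line) are assumptions added here.

```python
import re
from collections import Counter

# The answer's pattern, annotated piece by piece (re.VERBOSE ignores
# whitespace and allows comments, so the literal space is written as [ ]).
LINE_RE = re.compile(r"""
    ^                                   # added here: match only at line start
    (?P<log_level>WARNING|ERROR|INFO)   # named group: one of three literal words
    :[ ]                                # the literal colon and one space
    (?P<message>.*)                     # named group: the rest of the line
""", re.VERBOSE)

# The same pattern without the anchor, as written in the answer.
UNANCHORED_RE = re.compile(r"(?P<log_level>WARNING|ERROR|INFO): (?P<message>.*)")

# Optional second pass over 'message': split it into path and reason.
# The greedy (.*) backtracks to the LAST ": ", so colons in a path survive.
CANT_OPEN_RE = re.compile(r"^Can't open file (?P<path>.*): (?P<reason>.*)$")

# Constructed sample: three lines in the question's format, two summary
# lines, and one detection-style line whose file name contains "INFO: ".
SAMPLE = """\
WARNING: Can't open file /etc/rsyslog.conf.broken: Permission denied
WARNING: Can't open file /tmp/krb5cc_888600038_buu1Z0: Permission denied
WARNING: Can't open file /tmp/vmware-root/vmware-apploader-1532.log: Permission denied
----------- SCAN SUMMARY -----------
Infected files: 0
/tmp/INFO: all clear: Example.Test-1 FOUND
"""

def extract(line, pattern=LINE_RE):
    """Return {'log_level', 'message'}, or None if the line has no level prefix."""
    m = pattern.search(line)
    return m.groupdict() if m else None

def unreadable_by_dir(text):
    """Count "Can't open file" warnings per parent directory."""
    counts = Counter()
    for line in text.splitlines():
        fields = extract(line)
        if not fields or fields["log_level"] != "WARNING":
            continue
        m = CANT_OPEN_RE.match(fields["message"])
        if m:
            counts[m["path"].rsplit("/", 1)[0] or "/"] += 1
    return dict(counts)

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(extract(line), "<-", line)
    print(unreadable_by_dir(SAMPLE))
```

Without the `^` anchor, the last sample line yields `log_level=INFO` taken from the file name, which is why the anchored form is safer when file names in the scanned tree are not trusted.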