My search is pulling out events with the date embedded within the event, eg:
[2020-10-05 07:23:08.308] ALL **** sending file= /u01/shared/pc/files/OUT/IF_148/Transferring/XXX_XXXXXX..XX_LUIS_312XXX_20201005_001.csv
[2020-10-05 13:40:17.101] ALL **** sending file= /u01/shared/pc/files/OUT/IF_148/Transferring/XXX_XXXXXX..XX_EDIW_312XXX_20200721_003.CSV
The embedded dates are in the format '202001005' & '202001005' respectively. Is there a way to search in Splunk for events that will only pick up the events for a certain date embedded within them, without having to manually alter the search each time?
(current search for ref: **** sending file= /u01/shared/pc/files/OUT/IF_148/Transferring/*312*)
The regex command may help. It filters events based on a regular expression.
index=foo "**** sending file= /u01/shared/pc/files/OUT/IF_148/Transferring/*312*"
| regex file="2020\d{4}"
That is great - thanks!
I am currently trying to use a regex to pick out the events with the date '2020XXXX' - I want the regex to pick up any event date providing it does not have 'reg' following the '.' or '_' (pick out all the event dates below, except the first). How do I do this?
Current regex: 2020\d{4}[\.\_]
List of different events/logs from the Splunk search:
_20201007144100_20200416_reg.zip
_20201007103200_20201007.zip
_20201007095000_20201007.zip
_20201007092933_20201007.zip
_20201007061717_20201007_txn.zip
_20201007041719_20201007.zip
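As an added example (not from the thread), the following Python script runs the regex from the follow-up question, and a variant with a negative lookahead that drops the `_reg` file, over the six file names listed above. It also extracts the embedded date so a target date can be passed in instead of edited into the pattern, which addresses the first question. The sample list is constructed from the names in the post; the function names are my own.

```python
import re

# Constructed sample input: the file names quoted in the follow-up question.
SAMPLE_FILES = [
    "_20201007144100_20200416_reg.zip",
    "_20201007103200_20201007.zip",
    "_20201007095000_20201007.zip",
    "_20201007092933_20201007.zip",
    "_20201007061717_20201007_txn.zip",
    "_20201007041719_20201007.zip",
]

# The pattern from the post: an 8-digit 2020 date followed by '.' or '_'.
DATE_THEN_SEP = re.compile(r"2020\d{4}[._]")

# Same pattern plus a negative lookahead (?!reg): the separator must NOT be
# followed by 'reg'. Splunk's regex command is PCRE-based and accepts this
# lookahead unchanged, e.g.  | regex file="2020\d{4}[._](?!reg)"
DATE_NOT_REG = re.compile(r"2020\d{4}[._](?!reg)")

# Captures the 8-digit date only when it is followed by '.' or '_', which skips
# the 14-digit timestamp at the start of each name (it is followed by a digit).
EMBEDDED_DATE = re.compile(r"2020\d{4}(?=[._])")


def matches_original(names):
    """Names matched by the poster's current regex (expected: all of them)."""
    return [n for n in names if DATE_THEN_SEP.search(n)]


def keep_non_reg(names):
    """Names whose embedded date is not followed by '_reg' or '.reg'."""
    return [n for n in names if DATE_NOT_REG.search(n)]


def embedded_dates(name):
    """All 8-digit 2020 dates embedded in one file name."""
    return EMBEDDED_DATE.findall(name)


def files_for_date(names, target):
    """Names whose embedded date equals target (e.g. '20201007').

    Passing the date as a value, rather than editing the regex, is what lets a
    saved search be reused for any day.
    """
    return [n for n in names if target in embedded_dates(n)]


if __name__ == "__main__":
    for n in keep_non_reg(SAMPLE_FILES):
        print(n, embedded_dates(n))
```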