Solved: Re: How to Use Regex and filter out the GET logs

anandhalagarasa · ‎06-30-2017

Hi ,

We want to filter the data using REGEX in props.conf and tansforms.conf but still the data is coming into Splunk. We have tried few methods but still logs are reaching splunk so kindly help on this request.

richgalloway · ‎06-30-2017

This regex string matches your sample data set. It's hardcoded for the three IP addresses you gave. If the real address is larger, the regex may become unmanageable.

GET\s\/\s-\s80\s-\s10\.228\.(?:9\.1|23\.241|23\.242)

---
If this reply helps you, Karma would be appreciated.

View solution in original post

woodcock · ‎07-03-2017

It is in the documentation here:

http://docs.splunk.com/Documentation/Splunk/6.6.1/Forwarding/Routeandfilterdatad#Filter_event_data_a...

richgalloway · ‎06-30-2017

This regex string matches your sample data set. It's hardcoded for the three IP addresses you gave. If the real address is larger, the regex may become unmanageable.

GET\s\/\s-\s80\s-\s10\.228\.(?:9\.1|23\.241|23\.242)

---
If this reply helps you, Karma would be appreciated.

woodcock · ‎06-30-2017

Do this:
http://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Forwarding/Routeandfilterdatad#Filter_event_d...
If you are doing this, show us your settings.

How to Use Regex and filter out the GET logs

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services