Splunk Search

How to extract the application name from the log file path or process in a search?

vikasshinde
New Member

My goal is to create an application list running from all servers in the form of table.

index=unix* host=* sourcetype=ps  user="*" user=* NOT user=root

This way I am getting all the processes owned by nonroot users. I am trying to identify application name (web,app and db) apache(with /app/apache/"application name", jboss application name (/app/jboss/servers/"app name" and db name (pmon).

To all experts, is there any way to extract application/db name (web/app/db) using single search so that it can be presented as a table?

Table format:

Hostname Webname Applicationname DBname

0 Karma

regexcracker
New Member

Please provide some small piece of logger to create exact regex

0 Karma

stephane_cyrill
Builder

try this:

   index=myindex | eval [rest /services/search/jobs splunk_server=local | addinfo | where sid = info_sid | rename eai:acl.app as my_app_name | return my_app_name]
0 Karma

woodcock
Esteemed Legend

Try this:

... | rex field=_source "/(?:(?:app/apache)|(?:app/jboss/servers)/(?<app>[^\]*)
0 Karma
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...