Splunk Search

How to extract the application name from the log file path or process in a search?

vikasshinde
New Member

My goal is to create an application list running from all servers in the form of table.

index=unix* host=* sourcetype=ps  user="*" user=* NOT user=root

This way I am getting all the processes owned by nonroot users. I am trying to identify application name (web,app and db) apache(with /app/apache/"application name", jboss application name (/app/jboss/servers/"app name" and db name (pmon).

To all experts, is there any way to extract application/db name (web/app/db) using single search so that it can be presented as a table?

Table format:

Hostname Webname Applicationname DBname

0 Karma

regexcracker
New Member

Please provide some small piece of logger to create exact regex

0 Karma

stephane_cyrill
Builder

try this:

   index=myindex | eval [rest /services/search/jobs splunk_server=local | addinfo | where sid = info_sid | rename eai:acl.app as my_app_name | return my_app_name]
0 Karma

woodcock
Esteemed Legend

Try this:

... | rex field=_source "/(?:(?:app/apache)|(?:app/jboss/servers)/(?<app>[^\]*)
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...