Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to filter IIS logs with regular expression?

markuxProof
Path Finder
‎02-17-2017 10:45 AM

Greetings,

I'm trying to make a regular expression to filter the IIS logs.
I want Splunk to index only logs whose sc-status field> = 500, but I'm not able to implement.

Can someone help me?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

markuxProof
Path Finder
‎02-17-2017 10:54 AM

Guys, I think I already have it. I did the reverse. I have selected for exclusion records < 500

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

markuxProof
Path Finder
‎02-17-2017 10:54 AM

Guys, I think I already have it. I did the reverse. I have selected for exclusion records < 500

0 Karma
Reply
Solved! Jump to solution

markuxProof
Path Finder
‎02-20-2017 05:15 AM

Thanks @ Woodcock. That's what I needed.

0 Karma
Reply
Solved! Jump to solution

markuxProof
Path Finder
‎02-22-2017 09:55 AM

For those with the same doubt, I did a regex that corresponds to http <500 status in IIS Logs:
([1-4]\d+|\b0\b)

Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎02-18-2017 02:53 PM

Yes, you NullQueue the ones to drop with props.conf and transforms.conf.

Reply
Solved! Jump to solution

aaraneta_splunk
Splunk Employee
Splunk Employee
‎02-17-2017 03:33 PM

@markuxProof - Was the above the solution to your question? Or were you just providing more context? If it's the former, let me know so I can convert it and accept it as an answer.

Reply
Solved! Jump to solution

markuxProof
Path Finder
‎02-20-2017 04:44 AM

yes aaraneta, tks.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...