Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

exclude logs from being tagged

ahmadjabr
Engager
‎12-11-2017 03:52 AM

Hello,

I'm trying to eliminate the "unknown action, hosts" etc. there is some log's that don't contain an Action, so its counted as an unknown action, how could I stop this log's from being tagged at the wrong tag?

Regards

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎12-11-2017 05:53 AM

Hi @ahmadjabr,

One method is to exclude those hosts using <your search> action!=unknown otherwise if you do not want unknown in action field then you need to refine your search query so it will not generate unknown result in action but this is purely depend on your raw data and app/add-on which you are using which is generating action field.

Can you please let us know what type of logs are you searching and which app/add-on are you using to generate action field?

Thanks,
Harshil

View solution in original post

Reply
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎12-11-2017 05:53 AM

Hi @ahmadjabr,

One method is to exclude those hosts using <your search> action!=unknown otherwise if you do not want unknown in action field then you need to refine your search query so it will not generate unknown result in action but this is purely depend on your raw data and app/add-on which you are using which is generating action field.

Can you please let us know what type of logs are you searching and which app/add-on are you using to generate action field?

Thanks,
Harshil

Reply
Solved! Jump to solution

wenthold
Communicator
‎12-11-2017 05:52 AM

Is this in reference to the CIM datamodels?

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...