regex for Apps

fuster_j · ‎06-05-2012

I'm looking for the regex for extracted fields in a custom built app. I cannot find them in any props.conf and transforms.conf. Are they stored in different location for Apps?

kristian_kolb · ‎06-06-2012

Depending on how the app is built they could also be stored as rex statements inside saved searches used by the app. If you wrote the app, you would probably know that already 🙂

Kristian

Ayn · ‎06-06-2012

No, they go in props.conf / transforms.conf in either the app's default or local directory.

regex for Apps

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Join the Conversation

regex for Apps

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub