Hello everyone, I'm a beginner in using Splunk. I'm facing an issue in finding a search solution for the following idea: I'm logging the deletion behavior of files, and I have whitelisted some import...
Hi, I'm trying to get wildcard lookups to work using the "lookup" function. I've followed guidance to set up the "Match Type" for the field in the lookup definition as per Define a CSV lookup in S...
I have a search that uses some wildcards:
sourcetype="EPPWEB" source="/opt/log/*/web_server/info.log" WAT
| rex field=_raw "USER (?P<registrar>\[\d+-\w\w\]) downloading .*/(?<filename&g...
We are trying to filter out events from a Syslog server that is ingesting data for a number of sources but the one we are trying to filter is from our Meraki devices. Each Meraki is considered ...
I need some help on the syntax of wildcards in the search. I have multiple servers and I don't want to keep using OR. For example I have "server01" through "server21" and I sometimes want to just p...
Hello,
I am using Splunk 9.0.0.1, and running btool to list out my index settings. The trouble is I only want one stanza, but btool treats the stanza as a wildcard.
splunk btool&n...
I'm trying to set a boolean based on a match in a string.
I want to set a value to 1 if it does not match ingestion* and set it to 0 if it does match.
The following example shows the problem:
...
I'm trying to use wildcards in a lookup file and am not able to get them working. I have referenced other posted answers but am not having success. Steps I have taken:
Created a lookup file c...
...rl_requested.csv" with that in "malicious.csv" and get only those url and description which has a match in "malicious.csv". url_requested.csv lookup has url column with wildcard prefixed and suffixed. I h...