...roperly, at moment I tried the delimiters but it doesn't work with : I believe I will have to write an regularexpression (this is where I got stuck as I have no clue how...) Basically what I...
...ame is cpu , the type is regex-based with the regularexpression ^.*/cpu-([0-9]+)/ and the source key source . According to the form, the default format ( <transform_stanza_name>::$1 ) s...
...expression I am getting the value from the first line but not from the other lines. I want to capture the fields that start after INFO.getCustomFieldValues(): field.
...iolated; which should be 2 IT-IDM-Policy (66%), and 1 HR-IDM-Policy (33%).
I have extracted afield named “Policy_Violated” by regularexpression ^(?:[^:\n]*:){6}\s+(?P[^,]+). And the results are e...
...yField4.
I have aregularexpression which can fetch directory names under path \Splunk\etc\apps\appName\logs.
But I am struggling to add such field in splunk application.
Any help will be appreciated....
Hi ,
I have 2 events like below and I need to find the difference in time between 2 events. There may be a lot of other events between them.
I'm trying to write aregularexpression to e...
Can anyone help me with aregularexpression for an extraction please?
Need to extract "failure" from below and add to field called "Error":
160.2:ERR Code = <1/failure/7353280025534419&g...
...ariable it is use in the regularexpression for extracting the variable "blabla". The reason I need to this it is because I have a token value which is a string and I need to trim the leading zero of t...
...rror.
I tested my regularexpression with a rex extraction - so I think that part works.
I also tried simplifying and just extracting a single field.