Hi, I have a scenario where I would like to extract the field OfferCode, which has a space after and before the code:
OfferCode : XYZAQERWSD
Please help with rex command to extract this field OfferC...
Hello Splunkers! New to Splunk and I am needing to extract a word from a message field.
This is the message:
The Cluster Service service entered the running state.
I want to extract "running sta...
...etBSD|OpenBSD|OpenVMS|Server 2012|Server Core 2012|Server 2016|Server 2019|Ubuntu|Solaris|Unix|ESX|vCenter Server|rbash|[\*\*\*\*\*\*]|\A[\-\-\-\-\-\-\-\-\-\-]|[\=\=\=\=\=\=\=\=\=\=])" I found the erex c...
Fields created using the below methods will persist as knowledge objects and are reusable in multiple searches?
rex
erex
Interactive field extractor
eval
multikv
Please help me i...
I am getting the log file imported to Splunk, but each line is an event with no field name. Can I break up the line into columns? If not, how do I parse the line to extract a number?
In...
I want to create a report for events whose field names haven't been extracted. I have SSH logs of the format "Accepted publickey for user XYZ", "Accepted publickey for user ABC" and so on. I want t...
...lso, erex is not helping. It keeps including the first zero in the hostname.
Any thoughts on how I can use rex on a field that is created on index time?
Thanks!!
Hello network,
I need help understanding how to increase the number of lines within the UI Field Extraction.
For example, I have an event containing 38 lines and when sampling for applying regex w...
...essage occurrence increase, this count should increase too. I tried using erex and substring from Splunk but kinda failed miserably! Any help on how to form the Splunk query for this visualization w...