Here is my sample data; start=Dec 30 2023 06:07:47 duser=NT AUTHORITY\SYSTEM dvc=10.163.142.37 I need to extract the full duser information. Splunk only grabs NT and not the r...
Hello, I'm writing some field extractions for a Tomcat access log. The logging format is "%{E M/d/y @ hh:mm:ss.S a z}t %h (%{X-Forwarded-For}i) > %A:%p "%r" %{r...
I am attempting to extract attachment fields from our email logs using regex. Attachments like .jpg, .png, pdf, etc. I have gone through the process of using the SPL field extracting feature h...
Thanks in advance. 1. I have a JSON object as content.payload{} and need to extract the values inside the payload. Splunk already extracts the field as content.payload{} and the result as AP I...
Hello! I'm working on a Rex Expression for my job, and wanted to ask for some assistance in developing it. I'm supposed to make a rex expression to pull out the "Fixed version" of a piece of softw...
Hi all, I am ingesting data and I have a problem: event example: field1 = /var/log/asas/log1.log field2 = /var/log/as/as/log2.log field3 = /var/log/as/as/log3.log in the sourcetyp...
I'm working with data from this search index=my_index sourcetype=my_sourcetype (rule=policy_1 OR rule=policy_2 OR rule=policy_3)
[ | inputlookup my_list_of_urls.csv ]
| rename url AS my_url
| s...
Hello Team, I need help in extracting the following date and time from the log, sample log: -0900, 04.25.01 THU 22FEB24 nDD62320I I need the 04.25.01 THU 22FEB24 part, could someone please help i...
Hello, I have issues getting the expected field-value pairs using the following props and transforms configuration files. Sample events and my configuration files are given below. Any recommendation will be...