Hi,
From the logs, I have extracted the below data (table1). I would like to add another column as in Table2 with custom keyword if filename begins xyz then "Core".
Please could you suggest what s...
...0000000
This is a fixed length field log file (from mainframe), with no field separators. Therefore, I am using the following regular expression to extract the fields, w...
We have the Bro add-on installed and everything is being parsed into the proper fields. The Bro DNS logs (sourcetype=bro_dns) have a field called "answers". The value in this field can contain m...
...ighlighted only the 'auth' texts and 'AUDIT' without the 'SECURE'
To display the result output I have removed my second image as Splunk only allows two image files uploaded.
Regular expression generated b...
Hello.
I have a dataset with a regular expression where I extract the hostname of the computer to a hostname variable.
However, in the searches I base this on, a lower case hostname does n...
...characters.
Splunk docs / Documentation / Splunk Enterprise / Knowledge Manager Manual / About regular expressions with field extraction:
Proper field name syntax
Field names must c...
I have manually set up a search time field extraction with regular expression in the props.conf.
It happens so that one of the fields is not extracted, not for all but for only some events.
F...
...ueries.
Where do I enter the makemv and mvexpand statements?
Should I use a series of subsequent transformations for the eval statements and subsequent regular expression field e...
...ollowing regular expression, and extracted USERNAME (in this example "xxxyyy" is the username extracted from 5th and 6th comma), MACADDRESS (in this example "54-26-96-1B-54-BC" extracted between 8...
...o configuration files but I am unsure what to add where. I am guessing the regular expression goes in to tokenizer.conf based on this post but not sure when combined with the sed c...