I'm adding a CSV using the "Add Data" GUI in Splunk 6.2. When I get to the Input Settings page, I have the option to specify a "Regular expression on path" to define the Host field. However, I have n...
Hi everyone, I have created a regular expression query that matches 1 specific folder in a long list of pathnames, and next cuts everything that there is after this folder:
index=main " | rex "\s...
...ETWEEN ANGLE BRACKETS \d+)"
Then I have a new field auxTranID with the proper numeric value.
If I go to the add attribute feature in the datamodel definition and I add a rex expression selecting t...
...t;object_name>[^\"]+)"
I now get in addition to the above:
domain=DOMAIN
object_name=AD-SecurityGroup
This is exactly what I want, but when I add it to a field extraction on the s...
Hi all,
I have a regular expression ^(.*)bytes read (?P\d+) written (?P\d+)$, where I edited the proper regular expression from a field to this to get output of particular users info to read t...
...written 317555. I added a name field for it as ACTIVITY. The regular expression I can get is ^(?:[^ \n]* ){7}(?P.+)
How can I change the name ACTIVITY into a proper regular expression to get b...
Hello all, can someone help me to extract field 'CmdSet' from Cisco ISE accounting logs. string: '[ CmdAV=show CmdArgAV=license CmdArgAV=usage CmdArgAV=<cr> ]'
I want to make a use case that will detect the usage of several destination port numbers. For this, I think it's easiest to use a regular expression. But I'm not sure. I'm also having trouble i...
...43ms, 8s30ms, 11s404ms
How would I extract the seconds portion, convert it into ms and add it to ms so that I can get the upload time always in ms please?
Hi all, I made a search where I use a regular expression to extract the username from the email address because we noticed that a lot of phishing mails contain that pattern. The following line is t...