I can't understand when to use regex and when to use delimiter
-Regex
Use this option when your event contains unstructured data like a system log file
-Delimiter
Use this option when your ...
...plunk. I have been trying to generate a report using a Splunk search query to retrieve the fields and data that I need for my report. I have some basic fields like Index, host sourcetype.... but it is n...
Hi All,
I am trying to list out activity of providing local admin rights other than the authorized user accounts. The list of authorized user accounts is added in a lookup table called "ITSD...
.... With this upgrade all field mappings that were saved in the Event forwardings (locally) were erased, and now there are 0 fields that are mapped in the event forwardings. Since almost all the m...
...his:
domain
www.somedomain.com
www.somedomain2.com
Here is the search I try to do
index="someindex" [ inputlookup mal_domains.csv | fields domain | format ]
I've also tried a...
Hi, I wonder whether someone may be able to help me please.
I'm trying to put together a piece of a search which multiplies two numerical fields.
I've looked through Splunk Answers and tried b...
Hey All,
So, the fieldextractor in Splunk is working great. I can search by any of my custom fields. The only problem however seems to be that no matter what I do, it calls all of my custom fields...