Hi, I am new in Splunk,
if I want to remove the display of all column field for T9_LotID_LaneA,T9_LotID_LaneB,T9_LotIB_LaneC,T9_LotID_LaneD, was empty or null value
my base s...
i want to apply a regular expression to removeunwanteddata in a column based on the field.
If field value starts with android, I want to match and remove after 2nd word completely. Vice versa, i...
....LOG.INPUT.QUEUE msg_body=
How to stop the above header from being added to actual xml data as my indexer is unable to identify the input as XML and it is failing to extract fields?
I have t...
...fficient method of collecting a list of unique IDs? index=abc | stats count by ID index=abc | stats values(id) as IDs | mvexpand IDs index-abc | fields ID | dedup ID Anything e...
...*)<Record>(\s*)
REPORT-jkcsxml = jkcsxml
TRANSFORMS-nullIndexHeader = nullIndexHeader
From the transforms.conf, here is the nullIndexHeader stanza to remove the header and extra t...
...uggestions in our Mind
1. to mount /opt/splunk/var/run in Search Head onto RAM (or SSD)
2. Customise the official TA's to removeunwantedfields for the customer. The effort vs return is NOT e...
...nformation about the IP address with resolve by name of the PC (armName) after adding the event data.
How to make such an enrichment and also remove some of the fields that do not carry useful i...
Below is the current out put (raw) - specific field
node0: -------------------------------------------------------------------------- /var/: No such file or directory /var/tmp/: No s...