Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
320 results
Sort by:
03-23-2015
10:26 AM
...ourcetype
During an inline search, those three extracted fields populate the table with integer values, as expected. I then update the field extractions for the sourcetype of postfix_syslog to include t...
01-02-2024
07:17 AM
I've read the documentation for inline field extractions and I don't see what I'm doing wrong here. I've added a props.conf file to my test app with the following: [emm_syslog]
LINE_BREAKER = ([\r\n...
Labels
- Labels:
-
configuration
-
troubleshooting
12-02-2021
09:50 AM
Hello, How would I implement inline or Uses Transform Field extraction (please see screenshot below) for following event (please see sample event below). Any help will be highly appreciated, thank y...
Labels
- Labels:
-
field extraction
02-22-2017
02:21 PM
2 Karma
I am walking through the Cisco app and I noticed that there are a lot different ways fields are being extracted. It looks like there are many inline extractions and others referencing a transform, a...
12-18-2023
06:44 PM
Hello, I have issues getting expected field value pairs using following props and transforms configuration files. Sample events and my configuration files are given below. Any recommendation will b...
- Tags:
- field extraction
10-11-2013
05:43 PM
...ill pull both the interface and up-down fields from this log?
Oct 9 12:01:18 hos-a-3550-1.rockefeller.internal 2635634: Oct 9 12:01:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface F...
- Tags:
- rex
11-19-2012
04:33 PM
I'm trying to setup Splunk to understand CloudFront log files.
I've setup a field extraction like this:
^(?<DATE>[\\S]+)\\t(?<TIME>[\\S]+)\\t(?<CF_SERVER>[\\S]+)\\t(?<B...
- Tags:
- cloudfront
- search
07-22-2016
10:27 AM
...ttempt to use the INDEXED_EXTRACTION=CSV option and instead use default settings with manual configurations, Splunk still identifies fields improperly. As as example from the above data, there should be a...
07-08-2014
03:27 PM
1 Karma
I have a regex I am using to extract exception from a java stacktrace to get for error analysis. It would be much better to do this as a configured field extract so I can use it in lookups instead o...
09-09-2013
10:39 AM
The following gives me exactly what I want
host=****** Failed_Reason minutesago=15 | rex "\>(?<Failed_Reason>.*?)\<"
but when I use the regex to build a field extraction I c...
- Tags:
- extraction
- field
