Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
309 results
Sorted by:
04-16-2015
01:08 PM
Good afternoon,
I have some syslog data coming into splunk. I am trying to write the props and transforms to add the field extractions and want to make sure I am doing it the best way.
Q...
05-17-2016
03:28 AM
...cross, but in vain. Even the documentation isn't clear enough with examples. I am able to extract the fields in the search (using spath and specifying tags paths), but that is not what I want. I want to h...
03-18-2015
12:05 AM
1 Karma
...mport, I'm extracting the hostname from the event using props.conf and transforms.conf
write it to metadata:host.
props.conf:
[collectd]
TIME_PREFIX = ^.+\..+\..+\s.+\s
TRANSFORMS-mask= mask-c...
05-20-2015
09:21 AM
1 Karma
Hi
I don't know what I am doing wrong. I am try to extract a multivalue field, error_num . I tested it in the search app and it worked correctly. This is what I got:
props.conf:
[J...
10-01-2012
04:41 AM
...As an example when i am writing the query
sourcetype=TARGET_ONE | table "Fname"
its retuning nothing.but field has been extracted.
Do i need modify regex in transform.conf??
can a...
- Tags:
- field-extraction
02-11-2016
12:30 PM
Hello,
I am attempting to figure out a regex for a transforms.conf for a field named Call Reason
Example data looks like this
A - Call plan question
B - Data plan question
C - Cellular t...
01-11-2017
11:16 AM
...hen use a different regex for the final uri extract. For example:
[source::/var/log/SomeSourceTypeA-web.log]
KV_MODE=none
REPORT-webservice-extractions-SomeSourceTypeA = SomeSourceTypeA-base-extract...
02-22-2017
02:21 PM
1 Karma
I am walking through the Cisco app and I noticed that there are a lot different ways fields are being extracted. It looks like there are many inline extractions and others referencing a transform, a...
08-02-2019
07:45 AM
I am doing some field extractions for Juniper JunOS logs and I created the following field extractions via props/transforms files in the /opt/splunk/etc/apps/Splunk_TA_juniper/local directory:
p...
03-15-2017
09:17 AM
...nswers/112311/multi-value-field-extraction.html
Extract all the main fields
Do a second transform to extract the multi-values
The first part works fine:
**props.conf:**
[opendns:dnslog]
R...
