Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
378 results
Sorted by:
04-16-2015
01:08 PM
Good afternoon,
I have some syslog data coming into splunk. I am trying to write the props and transforms to add the field extractions and want to make sure I am doing it the best way.
Q...
05-17-2016
03:28 AM
...cross, but in vain. Even the documentation isn't clear enough with examples. I am able to extract the fields in the search (using spath and specifying tags paths), but that is not what I want. I want to h...
05-20-2015
09:21 AM
1 Karma
Hi
I don't know what I am doing wrong. I am try to extract a multivalue field, error_num . I tested it in the search app and it worked correctly. This is what I got:
props.conf:
[J...
03-18-2015
12:05 AM
1 Karma
...mport, I'm extracting the hostname from the event using props.conf and transforms.conf
write it to metadata:host.
props.conf:
[collectd]
TIME_PREFIX = ^.+\..+\..+\s.+\s
TRANSFORMS-mask= mask-c...
10-01-2012
04:41 AM
...As an example when i am writing the query
sourcetype=TARGET_ONE | table "Fname"
its retuning nothing.but field has been extracted.
Do i need modify regex in transform.conf??
can a...
- Tags:
- field-extraction
02-11-2016
12:30 PM
Hello,
I am attempting to figure out a regex for a transforms.conf for a field named Call Reason
Example data looks like this
A - Call plan question
B - Data plan question
C - Cellular t...
12-02-2021
09:50 AM
Hello, How would I implement inline or Uses Transform Field extraction (please see screenshot below) for following event (please see sample event below). Any help will be highly appreciated, thank y...
Labels
- Labels:
-
field extraction
01-11-2017
11:16 AM
...hen use a different regex for the final uri extract. For example:
[source::/var/log/SomeSourceTypeA-web.log]
KV_MODE=none
REPORT-webservice-extractions-SomeSourceTypeA = SomeSourceTypeA-base-extract...
08-21-2021
09:33 PM
Hello, I was using Transform type Field Extraction, I have an issue to select my Delimiter and facing some errors (not extracting fields as expected). Please see below the Raw Event and the p...
- Tags:
- delimiters
Labels
- Labels:
-
field extraction
02-22-2017
02:21 PM
1 Karma
I am walking through the Cisco app and I noticed that there are a lot different ways fields are being extracted. It looks like there are many inline extractions and others referencing a transform, a...
