...obtheperson@com.com
reason = N/A
Access cont(upn) = bob
My testing shows that the expression [\>\:]*\s+(.*?)\:?\s\<(.+?)\> should work.
http://regexr.com/3fatg
In Splunk, I put this regular...
Looking for help with this rex command. I want to capture the continuous string after "invalid user" whether it has special characters or not. Here are some examples from my data set (abc is just an ...
I'm trying to set a token with eval. However, my logic doesn't seem to be working. I haven't been able to find a working example in the docs or from Answers, so a nudge in the right direction would b...
I am trying to use regex to get the number of orders processed in the example below.
Number for orders processed: 36
Time for Picking Wave in Secs: 29 secs
Time for label printing in Secs: 2 s...
...rovided I want to set the token "test-result" to Is_NOT_an_IP.
I have tried the test using simple string tests and the dashboard works without issue. When I try to do the regex/IP test, it does not w...
...t;
blahblah = '$blahblah$'
</pre>
</html>
</panel>
In the documentation about <eval> and its limitations, subsearches are not listed in the list of l...
...ollector (HEC) to send data to Splunk Enterprise. Can anyone please help me with the Python-based script if you have any template where I have to just enter the token key and URL to make it happen. Please h...
...irst in field extraction and then in case-match groups where I classify the events?) Here is a small sample of the actual classification SPL: index=main sourcetype="custom_application"
| rex f...
I have data that doesn't contain many useful fields. I have an initial query that returns a large set of events, and I want to be able to group these events by specific words that they may contain s...