...obtheperson@com.com
reason = N/A
Access cont(upn) = bob
My testing shows that the expression [\>\:]*\s+(.*?)\:?\s\<(.+?)\> should work.
http://regexr.com/3fatg
In Splunk, I put this regular...
Looking for help with this rex command. I want to capture the continuous string after "invalid user" whether it has special characters or not. Here are some examples from my data set (abc is just an ...
I have two logs below. Log a is throughout the environment and would be shown for all users. Log b is limited to specific users. I only need times for users in log b.
log a: T...
...rovided I want to set the token "test-result" to Is_NOT_an_IP.
I have tried the test using simple string tests and the dashboard works without issue. When I try to do the regex/IP test, it does not w...
I'm trying to set a token with eval. However, my logic doesn't seem to be working. I haven't been able to find a working example in the docs or from Answers, so a nudge in the right direction would b...
I am trying to use regex to get the number of orders processed in the example below.
Number for orders processed: 36
Time for Picking Wave in Secs: 29 secs
Time for label printing in Secs: 2 s...
...t;
blahblah = '$blahblah$'
</pre>
</html>
</panel>
In the documentation about <eval> and its limitations, subsearches are not listed in the list of l...
I have data that doesn't contain many useful fields. I have an initial query that returns a large set of events, and I want to be able to group these events by specific words that they may contain s...
...ollector (HEC) to send data to Splunk Enterprise. Can anyone please help me with the Python-based script, if you have any template where I just have to enter the token key and URL to make it happen? Please h...