Search

jlpayne09 · ‎04-26-2019

So i want to bulk tag multiple field values with the same Tag/alias using the Splunk Web search and not Linux configurations settings. I am trying to tag roughly 800 windows, and 800 linux so thats w...

GDustin · ‎04-23-2019

...alias iis : FIELDALIAS-host/cs_host AS host] I have resorted to the test data in samples iis.log Does any one know if this website config will work for the test data? or any other p...

ts46235 · ‎10-01-2018

...ork when I viewed the dataset's values. The docs don't even mention the "named" column so it makes me wonder if I"m doing it right. I tried to create an alias for CIM app and my src_ip custom field (c...

jimbaxtermdi · ‎03-27-2020

...OURCE_KEY = field:lineobj DEST_KEY = _raw REPEAT_MATCH = true The above succeeds in extracting the json field/values out of 'line' - the 'lineobj' field appears in the fields list in Splunk Web...

pj · ‎03-30-2016

...roblem is compounded by the fact that the extracted signature_id field is leveraged in all the eventtypes and tags within the TA too. The field is really simply based upon EventCode, which is a n...

longnh26 · ‎10-03-2019

Now i very interested with command Spath of Splunk, can auto extract values JSON. But i can't extract it to field in index, sourcetype ? Example: Raw json in field src_content: index=web s...

kundeng · ‎07-27-2020

...est practices to manage entities in this case. 1. Should I have created 2 other entities with different aliases? That is the second one E2 which has alias "hostname=web01" and E3 w...

pj · ‎05-17-2010

I am looking to alias several field names from multiple sources/hosts with an alias of 'Username'. When looking in the field alias section of splunk manager, there is the option to alias by S...

markov00 · ‎07-04-2013

I've indexed some web server logs and than I've assigned a tag to the status field, so I can receive the tag name instead of the http status code. It' works correctly on splunk web: I can see for e...

lakromani · ‎09-30-2017

I do use eventtypes.conf to extract fields. Then in tags.conf I do set warning=enable for some of the fields. Some is error and other is information. In my search, this then shows up as e...

Search

Search the Community

How to bulk tag a field value pair.

site value is not populating in SAWA 2.1.0 SplunkE...

Why aren't field aliases working for CIM data?

How to do search time extractions of nested json o...

Why is signature_id in the Windows TA extracted in...

Extract Fields with JSON with spath for Data model

Need a best practice guide on entity management in...

Field aliasing using host tags

Unable to see tags on REST API output

Setting field based on eventtype