Hello, I have issues getting expected field value pairs using following props and transforms configuration files. Sample events and my configuration files are given below. Any recommendation will b...
...rops.conf and transforms.conf to exclude these logs as below but none of them are successful to exclude those logs; props.conf [sourcetype::cato_source] TRANSFORMS-filter_logs = c...
I am trying to setup props & transforms to send DEBUG events to null queue i tried below regex but that doesnt seem to work
Transofrms.conf-
[setnull]
REGEX = .+(DEBUG...).+$
DEST_KEY = q...
Hello, I was trying to use REGEX command within props/transforms conf files to extraction fields, but field extraction is not working. Two sample events and my props/transforms conf files are g...
Hi. I have a problem with transformations in Splunk:
Example event(small part of it):
Dec 1 22:29:42 127.0.0.1 1 2017-12-01 LOGSERVER 1292 - - {"event_type":"type_here","ipv4":"127.0.0.1","h...
Hello community, I am trying to "reroute" specific logs (based on Regex match) to a different index. This is done on the heavy-forwarder. It is ingested via syslog. Both props and transform...
Hello, How would I implement inline or Uses Transform Field extraction (please see screenshot below) for following event (please see sample event below). Any help will be highly appreciated, thank y...
How can I mask the verfiication code using props/transforms? {"body": " Verification Code: 123456", I want to mask the code using props and transforms using below format, not s...
Hello, I was using Transform type Field Extraction, I have an issue to select my Delimiter and facing some errors (not extracting fields as expected). Please see below the Raw Event and the p...