How can I erex a line TRUE, FALSE, TRUE,, FALSE, FALSE, FALSE, , FALSE, FALSE source =" an imported CSV" the multiple true and false on the line have different column names. I am trying to c...
Hi, I have the below log and values for "days" field are 4, 10, 15, 30. Could you please extract the "days" field using the "erex" command.
Log :
2017-11-21 04:55:34,060 tn="[1...
We have notable events for when a user is created on multiple devices. Most of them are expected for when devices are imaged.
I want to use erex to create a suppression for like accounts. T...
I am using Splunk 6.4.
I am able to extract many fields from my data using erex command. However, for URL fields, the erex command doesn't work.
My events-
1470993728.300 44 81.11.191.113 T...
I'm running into an issue with the syntax for a CLI search using erex.
The problem seems to be with the double quotes. I've tried single quoting the erex examples and counter examples, but none o...
...ervername\folder\datatype\location), so I haven't been able to work out a consistent way to extract the location folder because it changes depending on data type. I ended up using an erex to extract t...
How do I use the IFA or even better erex and specify multiple values that contain a comma? I've tried putting them in quotes etc but doesn't seem to work.
I'm really just trying to extract a date f...
In previous versions of Splunk, I've been able to use erex at search time to define a regular expression based on search time data, which is especially helpful in very large events or very spread o...
How to extract a string without using rex or erex?
Ex: I don't have clear logs for phone numbers, want to extract the phone number and then extract the country code from that field.
I'm able t...
I'm trying to use Splunk on a search head I don't manage but I noticed that whenever I try to use erex on the search head, the regex never comes back to me. I see logs at the end of my search that erex...