Hi Splunkers! I need to extract the specific field which doesn't consist of sourcetype in logs. Fields to extract - OS, OSRelease. Thanks in advance, M...
Hi,
I have below scenario. Image_Name and Name_Space are being ingested with below variations in table A. Image_name is a multivalued field as shown. I tried using makemv delim but it doesn't work b...
{"log":"{\\"instanceId\\":\\"abc-fdh-48f-4432\\",\\"requestType\\":\\"ABC\\"}
Using the above sample log, how to extract the request type and instanceId fields values?
Hi,
I have below raw event. Data is ingested via reading logfiles from dedicated location on monitored server with UF on it. Splunk's default method is not extracting fields as I need. Some f...
Hello! I'm working on a Rex Expression for my job, and wanted to ask for some assistance in developing it. I'm supposed to make a rex expression to pull out the "Fixed version" of a piece of softw...
Hello, I've the following situation: I've inside logs the ETL logs, I've already extracted some data via search fields. The log structure is the following: Fri Dec 1 16:00:59 2023 [extract...
Hello, I'm writing some field extractions for a Tomcat access log. The logging format is "%{E M/d/y @ hh:mm:ss.S a z}t %h (%{X-Forwarded-For}i) > %A:%p "%r" %{r...
Hi All,
I have two events as below. In both the events, data format is different. We can observe extra "/" from few events. How to capture the logEntryType from both of them by using rex command? ...
Here is my sample data; start=Dec 30 2023 06:07:47 duser=NT AUTHORITY\SYSTEM dvc=10.163.142.37 I need to extract the full duser information. Splunk only grabs NT and not the r...