Hi
try to use transaction command, but actionName is empty!
Here is my SPL
| rex "actionName.*\.(?<actionName>\w+\.\w+)\]" | rex "duration\[(?<duration>\d+)"
| rex "t...
...rovider Device..] and FLD[Wallet Provider Accoun..] are present but FLD[Wallet Provider Reason..] is missing
In the above examples all three fields are present. I wanted to identify Field...
I am using Splunk 6.4.
I am able to extract many fields from my data using the erex command. However, for URL fields, the erex command doesn't work.
My events-
1470993728.300 44 81.11.191.113 T...
Greetings everyone,
I just want to verify that the transaction-generated duration field is always in seconds. It doesn't say definitively in the transaction guide. The examples below allude to it b...
I am trying to write a rex command that extracts the field "registrar" from the below four event examples. The below values in bold are what I am looking for to be the value for "registrar". I...
...earch:
index= sourcetype= earliest=@d-14d
| fields ...
| transaction keeporphans=True keepevicted=True
| outputlookup .csv
This is the full minimal search ^
Two examples of the snippets from the c...
...eady and confirmed on regex101.com. But I tried some of the below in my search and no luck. I've looked up rex command and examples on answers.splunk.com as well. But not sure how I can use rex command...
Don't have a specific example, but would like to understand for my education.
For example, I don't understand what COULD be the difference between listing two fields in the top command versus u...
...example that ships with Splunk and created a simple example that should just output the first field and create content for the second field.
It's working in the Splunk CLI
sh-3.2# cat c...
...f field3 has no value, use field2's value - if field3 and field2 have no values, use field1's value - if fields 3, 2 and 1 all have no values, leave blank (or "unknown", etc.) These are 3 examples o...