Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
70,000 results
Sorted by:
08-21-2023
07:23 AM
...407|| should be temp=1407
values after >>>>||1407|| should be message=[POD CleanUp] File deleted from POD : /dfgd/dfgdfgdfg.dat
Here is the sample log:
{"source":"fdgdfdfg","log":"2023-0...
- Tags:
- field extraction
- rex
Labels
- Labels:
-
rex
Show results in replies (8)
-
Given that this looks like JSON, you should either already have these fields if you have ingested t...
-
This looks like JSON, so assuming you have already extract the log field, try this | rex field=log...
-
@ITWhisperer @Will you able to provide the Rex for the below log format too. <><>...
-
| rex field=log "\<>\<>\<>\<>\|\|(?<temp>[^\|]+)\|\|\s(?<message&g...
-
@ITWhisperer @Whatever you provided rex expression is not fetching the values
-
Please share the complete event which is not working for you (anonymised of course). Please use a c...
-
How to extract these fields timestamp,kubernetes.pod too along with the below provided solutions&nb...
-
Hi one way to do it use separate rex expressions. Then it's not dependent on order of those values...
07-05-2023
03:22 AM
Hi All,
I have lookup file with 2 columns, Col1 and SPL_Qry.
Each value in col1 will have associated Splunk query.
In Dashboard, if I select ant value from the Drop Down, associated Query s...
Labels
- Labels:
-
dashboard
-
other
-
panel
-
single value
-
token
Show results in replies (9)
-
Try something like this <form version="1.1"> <label>City Dashboard</label> <f...
-
Thanks for your reply @ITWhisperer, Yes, I am using lookup file and using the...
-
<input type="dropdown" token="lookupquery"> <label>Select query</label> ...
-
...or input". How can I run the query after choosing the value from dropdown? Also I verified the the n...
-
You could try setting up your dropdown query to load the values from the lookup file using the i...
-
...utton by selecting the "Time Range" from "Global" to "Shared Time Picker" but it didnt work.
-
Super 🙂 Great, it works as expected ! Thank you very , much !!
-
Try doing it the way I suggested rather than adding your own interpretation?
-
...tatic date, I have added "Time" from the "Add Input", how I will pass this date and time range to t...
03-07-2023
03:50 PM
I'm using the map command to iterate through a list of devices and forecasting some of the metrics associated with each device. That's all working but what I really want is to then average the ...
Labels
- Labels:
-
troubleshooting
08-10-2023
07:30 PM
Hello Splunk Community,
I'm trying to extract fields from the cloudwatch events like 1)region 2)arn 3) startTime 4) endTime 5)eventTypeCode 6)latestDescription from an event. The regex w...
Labels
- Labels:
-
field extraction
-
regex
Show results in replies (4)
-
If you scroll to the right, you will notice that "arn" is a subnode event.arn, "region" is subnode ...
-
@yuanliu Thanks for your response, the query you've provided is the example? Would you mind t...
-
I always tell people do not treat structured data as text. You'll regret later. Use spa...
-
For this type of data, you can use the extract command. To make it work, we need to remove th...
06-13-2023
11:19 PM
Hi splunkers,
I m using cluster master and indexers in spk 8.2.5
When I start my search heads, I got the error "master_uri. This setting is deprecated and might be removed entirely in a future re...
Labels
Show results in replies (5)
-
...hen I check those from docs 8.2.x use old one and 9.0.0 use the new version https://docs.splunk...
-
Thank's everybody. With your answers et my following searches, I can effectively upgrade my core ar...
-
Hi @_olivier_ , good for you, see next time! let us know if we can help you more, or, p...
-
Hi @_olivier_, this feature is deprecated from 9.0.0 as you can read at https://d...
-
Definitely it's depreciated, but when it will be removed, is totally another story. That changes ha...
07-27-2023
06:42 PM
Hello,
I have some issues with field extraction since value pair and non-value pair fields are within the same event. Not sure how implement Regex to extract these fields. A few sample events are g...
Labels
- Labels:
-
other
Show results in replies (8)
-
Yes, getting developers to appreciate how well-structured and relevant logging reduces time-to-reso...
-
I recommend you understand your data and describe it in a complete manner. For what you have now sa...
-
As I said previously, you need to understand your data completely. It is not possible for me to say...
-
Hello @ITWhisperer Thank you again. So, you are saying. \[(?<field1>[^\]]+)\]\s+...
-
Hello @ITWhisperer , Thank you again. So, you are saying. \[(?<field1>[^\]]+)\]\s...
-
Yes - after field9 match there is an "extra" group (group 10) which covers the rest of the match gr...
-
Without a clear definition of how to split up the data into fields I am guessing, but try this \[(...
-
Yes, the IPaddr-anchored group is also optional and it relies on userAgent being the anchor in the ...
08-27-2023
11:00 PM
We have a set of data which populate host and ip
Eg.
Host IP &nb...
08-15-2023
12:33 PM
hello team,
I have data from CSV files coming into my Splunk instance, I can search and find that data.
However, they come together in the "Event" field, and I would like to separate them based o...
Labels
- Labels:
-
chart
-
field extraction
-
fields
07-14-2023
08:12 PM
How to perform lookup from index search with dbxquery? | index=vulnerability_index | table ip_address, vulnerability, score ip_address vulnerability score 192.168.1.1 SQL Injection 9...
Show results in replies (7)
-
...elect * from tableCompany" ```select ip_address,company,location from tableCompany``` | spath input="S...
-
...ulnerability_index | table ip_address, vulnerability, score | append [| dbxquery query="select * from t...
-
...y goal is to replace the table.csv, which was obtained from | dbxquery connection=visibility q...
-
First, there was a syntax error copied from the original post. There should not be a l...
-
...p_address, vulnerability, score | append [| dbxquery query="select * from tableCompany" ```s...
-
...able at this point is generally a waste ``` | append [| dbxquery query="select * from t...
-
...ompany", and "location" field 1. Is it possible to use lookup from index to Dbx query? &n...
04-25-2023
12:02 AM
...HARGETYPE,REASON|rename BUSINESSIDENTIFIER AS "Order ID", SERVICELAYEROPERATION AS "API NAME", REASON AS "OSB Observation"
I need to extract charge type from the OSB Observation column. Sample v...
Labels
- Labels:
-
field extraction
Show results in replies (6)
-
Hi @yuvasree, you can add a regex to extarct the CHARGETIME field: | rex "CHARGETYPE\s\[(?&l...
-
Output: S.NO DATE Order ID MESSAGEIDENTIFIER API NAME CHARGETYPE OSB Observation 1 2023-04-25 06-...
-
Hi @yuvasree, let me understand: you want to extract the OSM_Observation field that's the val...
-
Hi @gcusello , Yes I need the mentioned field. But I need the column as well in ...
-
...xtracted from the reason field Sample value: CHARGETYPE [RSCN4] index="general_prod" s...
-
Hi @yuvasree, could you highlight (in bold or with a coulour) the part of log that must be ex...
