Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
28 results
Sorted by:
02-08-2019
05:40 AM
Hi all,
Splunk offers the possibility to customize the way we want data to be segmented in the index files with a regex, like for this timestamp :
segmenters.conf :
[seg_rule]
F...
05-14-2020
12:57 PM
I tried to segment the log below using \s but it does not work, even after modifying segmenters.conf and props.conf .
2020-05-13 19:27:35,921 INFO com.edifecs.shared.events.transport.rmi...
11-20-2019
02:17 PM
I have a field with multiple values that would normally be delimited by a comma:
Field=value1,value2,value3
In Splunk, the Field value will just show "value1".
I want to alter the log mes...
08-09-2016
03:01 PM
1 Karma
...esources are available. See the Troubleshooting Manual for more information.
I did some changes to distsearch.conf file, but the bundle is still over 3 GB in size.
This is the file stanza:
[r...
05-22-2014
02:46 AM
13 Karma
...earchbnf.conf,
\segmenters.conf,server.conf,serverclass.conf,serverclass.seed.xml.conf,
\setup.xml.conf,source-classifier.conf,sourcetypes.conf,
\splunk-launch.conf,tags.conf,tenants.conf,t...
11-16-2017
06:52 AM
1 Karma
I have a field extraction that gets the message number from the raw message string
.{22}\s0-9
The message string is in the format of
2017-11-15T13:32:53,915 4790018 2999395531021...
07-11-2019
05:49 AM
...YDB^USER260^Sign-on^MYUSER1
2019-07-11T12:26:41+00:00 ABC-94 someproduct: ^1002/0^20190711122641087^MYDB^USER260^Sign-off^MYUSER2
I've configured props.conf as
EXTRACT-myDB_fields = \s...
09-22-2017
06:46 PM
I have JSON data, which is indexed and can be searched. This is an example of the data
Product: { [-]
BottleSizeMls: 750mls
BottleSizeName: Bottle
Id: ...
01-14-2016
03:37 PM
1 Karma
Hello,
I am trying to use a variable from my data which has columns as in this example:
ep_9:sMeterS:SummationDeliveredL_x10k
Splunk can make simple searches with this variable as in this...
06-14-2019
05:53 AM
I have a totally weird case...
I have field extractions defined in props.conf either individually or all in one extraction, no difference.
The fields show up in the "Interesting Fields" list....
