Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
41 results
Sort by:
02-08-2019
05:40 AM
Hi all,
Splunk offers the possibility to customize the way we want data to be segmented in the index files with a regex, like for this timestamp :
segmenters.conf :
[seg_rule]
F...
05-14-2020
12:57 PM
I tried to segment the log below using \s but it does not work, even after modifying segmenters.conf and props.conf .
2020-05-13 19:27:35,921 INFO com.edifecs.shared.events.transport.rmi...
03-02-2024
01:27 AM
1 Karma
...earch abc--xyz # works
TERM(abc--xyz) # doesn't work
TERM(abc*) # works
| tstats count by PREFIX(abc) # doesn't work for abc--xyz Both TERM and PREFIX work with other minor segmenters...
08-10-2023
02:53 AM
...ay: props.conf: [test_sourcetype]
SEGMENTATION = test_segments segmenters.conf: [test_segments]
MAJOR = \t
MINOR = / : = @ . - $ # % \\ _ [ ] < > ( ) { } | ! ; , ' " * \n \r \s & ? + %21 %2...
Labels
- Labels:
-
indexer
11-20-2019
02:17 PM
I have a field with multiple values that would normally be delimited by a comma:
Field=value1,value2,value3
In Splunk, the Field value will just show "value1".
I want to alter the log mes...
11-16-2017
06:52 AM
1 Karma
I have a field extraction that gets the message number from the raw message string
.{22}\s0-9
The message string is in the format of
2017-11-15T13:32:53,915 4790018 2999395531021...
05-26-2024
07:06 AM
Hello, I'm Splunk Newbie. This is a post that I found while looking for improvement of Splunk's search performance, but I'm asking you a question because it's a little confusing. I referred...
05-22-2014
02:46 AM
14 Karma
...earchbnf.conf,
\segmenters.conf,server.conf,serverclass.conf,serverclass.seed.xml.conf,
\setup.xml.conf,source-classifier.conf,sourcetypes.conf,
\splunk-launch.conf,tags.conf,tenants.conf,t...
08-09-2016
03:01 PM
1 Karma
...esources are available. See the Troubleshooting Manual for more information.
I did some changes to distsearch.conf file, but the bundle is still over 3 GB in size.
This is the file stanza:
[r...
02-16-2017
02:46 AM
1 Karma
...nsertion and also field extraction configured for my events, may be there is some correlation.
sample data
configuration files (props,transforms,fields).conf
