Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
28 results
Sorted by:
02-08-2019
05:40 AM
Hi all,
Splunk offers the possibility to customize the way we want data to be segmented in the index files with a regex, like for this timestamp :
segmenters.conf :
[seg_rule]
F...
05-14-2020
12:57 PM
I tried to segment the log below using \s but it does not work, even after modifying segmenters.conf and props.conf .
2020-05-13 19:27:35,921 INFO com.edifecs.shared.events.transport.rmi...
11-20-2019
02:17 PM
I have a field with multiple values that would normally be delimited by a comma:
Field=value1,value2,value3
In Splunk, the Field value will just show "value1".
I want to alter the log mes...
08-09-2016
03:01 PM
1 Karma
...esources are available. See the Troubleshooting Manual for more information.
I did some changes to distsearch.conf file, but the bundle is still over 3 GB in size.
This is the file stanza:
[r...
05-22-2014
02:46 AM
13 Karma
...earchbnf.conf,
\segmenters.conf,server.conf,serverclass.conf,serverclass.seed.xml.conf,
\setup.xml.conf,source-classifier.conf,sourcetypes.conf,
\splunk-launch.conf,tags.conf,tenants.conf,t...
11-16-2017
06:52 AM
1 Karma
I have a field extraction that gets the message number from the raw message string
.{22}\s0-9
The message string is in the format of
2017-11-15T13:32:53,915 4790018 2999395531021...
07-11-2019
05:49 AM
...YDB^USER260^Sign-on^MYUSER1
2019-07-11T12:26:41+00:00 ABC-94 someproduct: ^1002/0^20190711122641087^MYDB^USER260^Sign-off^MYUSER2
I've configured props.conf as
EXTRACT-myDB_fields = \s...
07-26-2019
05:25 PM
...eers instead"
After some re-search and looking through answers site, this could be due to inconsistent distsearch.conf on some of the search heads in the cluster ; so I updated and removed all t...
09-22-2017
06:46 PM
I have JSON data, which is indexed and can be searched. This is an example of the data
Product: { [-]
BottleSizeMls: 750mls
BottleSizeName: Bottle
Id: ...
03-26-2020
03:29 PM
...alue (which adds it to the search), zero results are returned. Is this a bug in recent versions?
I've seen other "similar" posts and some talk about workarounds such as fields.conf, but this is p...
