I have two Splunk queries, each of which uses the rex command to extract the join field.
Example:
QUERY 1
index=index1 "Query1" | rex field=_raw "abc(?<M...
We are developing a generating custom command using the Splunk Python SDK. The issue we are having is that only those fields exported from the first 'yield' are extracted in future events (so only t...
...ut I can easily extract the other fields with rex, as well as the json fields with the spath:
rex field=_raw "Container: (?<field1>AppropriateRex) (?<field2>AppropriateRex) (?<field...
I have a field named "content" with multiple values to it as follows
content=value.deva
content=value.devb
" =value.devc ......
I have written a rex expression in my search query ............
Hello Splunk experts,
I am encountering strange behaviour when using mvzip on fields extracted using xpath commands.
I have provided a toy dataset below that mimics my XML events. I expect m...
I am trying to extract fields Environment and Service with below search and receiving the error 'SearchParser': Missing a search command before '^'.
I got the rex command from Splunk field extract...
...nd running into a challenge simplifying extraction of the date from the AD account creation field: | ldapsearch basedn="XXXXXXXXXXX" search="(&(objectCategory=user)(objectClass=user)(d...
Hey guys,
I have a log that contains a lot of data but from that, I want to extract 'program.exe -switch' from the log and create a new field that I can display with table command. I have regex r...
Hello,
I have a problem with splunk search. What I need to do is to do a search from the fields containing CC numbers. I have tried the example from the Splunk tutorial:
| rex field=c...
...stp_date and tst_time variables in the search below with the value 'foo'. Is it possible, in the context of a regular expression to assign 'foo' to my variables tstp_date and tstp_time if the string 't...