Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About supergtom
supergtom
New Member
Member since:
03-14-2012
06-05-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 03-14-2012 |
Activity Feed
- Posted Re: Bluecoat log with domain-based sorting possible? on Getting Data In. 03-26-2012 09:13 PM
- Posted Re: Bluecoat log with domain-based sorting possible? on Getting Data In. 03-26-2012 12:58 AM
- Posted Re: Bluecoat log with domain-based sorting possible? on Getting Data In. 03-26-2012 12:38 AM
- Posted Re: Bluecoat log with domain-based sorting possible? on Getting Data In. 03-26-2012 12:29 AM
- Posted Re: Bluecoat log with domain-based sorting possible? on Getting Data In. 03-26-2012 12:26 AM
- Posted Re: Bluecoat log with domain-based sorting possible? on Getting Data In. 03-26-2012 12:24 AM
- Posted Re: Bluecoat log with domain-based sorting possible? on Getting Data In. 03-25-2012 06:22 PM
- Posted Re: Bluecoat log with domain-based sorting possible? on Getting Data In. 03-25-2012 06:20 PM
- Posted Bluecoat log with domain-based sorting possible? on Getting Data In. 03-22-2012 09:10 PM
- Tagged Bluecoat log with domain-based sorting possible? on Getting Data In. 03-22-2012 09:10 PM
- Tagged Bluecoat log with domain-based sorting possible? on Getting Data In. 03-22-2012 09:10 PM
- Tagged Bluecoat log with domain-based sorting possible? on Getting Data In. 03-22-2012 09:10 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
03-26-2012
09:13 PM
thanks for the reminder.
i doubt if regex (in Splunk) can do if-then-else. otherwise, a single regex cannot handle URL with many levels of sub-domains or variations.
... View more
03-26-2012
12:58 AM
thanks to kristian. the question is solved.
the regex i used is rex field=Url "[http|https|ftp|tcp]?\:\/\/[^\.]+\.(? [^\.]+).[^\.]+\/"
the regex is aimed to resolve the format ://xxx.domain.xxx/ (i duno if there is any error)
... View more
03-26-2012
12:38 AM
While i am still handling the regex stuff, there is actually a second question.
For example, there are 2 lines of event
maps.google.com bytes_a duration_a
docs.google.com bytes_b duration_b
Will it be combined as follows?
google bytes_a+b duration_a+b
... View more
03-26-2012
12:29 AM
In case anyone would like to get quick answer on regex URL http://gskinner.com/RegExr/ (I suppose you need some basis on regex)
... View more
03-26-2012
12:26 AM
Btw, I have use the IFX and it seems not good in making custom regex for URL (I am not good at regex too).
... View more
03-26-2012
12:24 AM
Thank you very much. That is exactly what I would like to archieve.
... View more
03-25-2012
06:22 PM
I am not sure if the term "grouping" is appropriate.
... View more
03-25-2012
06:20 PM
I have the log downloaded from bluecoat server and would like to import it to Splunk for log analysis. Normally, splunk will treat each line (of bluecoat log) as an event. Each event contains some fields. One of them is URL-related. I would like to group each event with similar URL characteristic (i.e. under the same domain, in the example above, google). It is because the log may be huge. Doing such grouping will reduce the size. In addition, the result (or the report) looks simpler.
... View more
03-22-2012
09:10 PM
For example, I would like to group all the following URLs under google:
docs.google.com,
maps.google.com,
www.google.com,
...
(may be it is *google*)
Is there a way to do it such that it will show results with pre-defined domains?
I would much appreciate if such pre-defined rules already exist some where.
Thank you.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
