×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ehastings82
New Member
Member since: ‎09-22-2010
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-22-2010
Activity Feed
Topics I've Started
View All

Re: Host based on filename

by in Getting Data In
‎02-22-2011 01:24 AM
‎02-22-2011 01:24 AM
FYI, and as a supplemental to the above answer, I keep my files in the following directory: /var/splunk/input/mms_logs/ The filename structure is: mms_HOST-IP-ADDRESS_TIMESTAMP.log examples: mms_10.152.58.100_20110101_004000_06137.log mms_10.152.58.194_20110121_120000_70656.log Now to extract the IP address portion of filename as a host, I used the following regex: /var/splunk/input/mms_logs/mms_(\d+.\d+.\d+.\d+)_\d+ Voila! From the above examples I know have two hosts (10.152.58.100 & 10.152.58.194), along with all of the events that are hosted within the files 🙂 Hope this helps someone! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM