Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About AnujaJ
AnujaJ
Path Finder
Member since:
07-10-2018
06-05-2020
Community Statistics
| Posts | 25 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 4 |
| Member Since | 07-10-2018 |
Activity Feed
- Karma Re: Values repeated in each field for woodcock. 06-05-2020 12:50 AM
- Karma Re: How to join searches based on condition? for VatsalJagani. 06-05-2020 12:50 AM
- Got Karma for Values repeated in each field. 06-05-2020 12:50 AM
- Got Karma for Re: How to join searches based on condition?. 06-05-2020 12:50 AM
- Got Karma for Re: Optimize transaction query. 06-05-2020 12:50 AM
- Got Karma for Splunk NLTK Tutorial. 06-05-2020 12:49 AM
- Karma My forwarder's outgoing data rate is lagging. How to resolve this in order for the forwarder to send data continuously? for chintan_shah. 06-05-2020 12:48 AM
- Karma PREAMBLE_REGEX for jmcrabb. 06-05-2020 12:46 AM
- Posted Re: Anonymize data from JSON File on Getting Data In. 05-25-2020 11:47 PM
- Posted Re: Anonymize data from JSON File on Getting Data In. 05-25-2020 06:11 AM
- Posted Re: Anonymize data from JSON File on Getting Data In. 05-25-2020 06:03 AM
- Posted Re: Anonymize data from JSON File on Getting Data In. 05-25-2020 12:28 AM
- Posted Re: Anonymize data from JSON File on Getting Data In. 05-25-2020 12:21 AM
- Posted Anonymize data from JSON File on Getting Data In. 05-22-2020 05:13 AM
- Tagged Anonymize data from JSON File on Getting Data In. 05-22-2020 05:13 AM
- Posted Re: Importing CSV file without a header on Getting Data In. 11-15-2019 06:07 AM
- Posted Importing CSV file without a header on Getting Data In. 11-12-2019 07:35 AM
- Tagged Importing CSV file without a header on Getting Data In. 11-12-2019 07:35 AM
- Tagged Importing CSV file without a header on Getting Data In. 11-12-2019 07:35 AM
- Tagged Importing CSV file without a header on Getting Data In. 11-12-2019 07:35 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 1 |
05-25-2020
11:47 PM
This does not work. anony_raw overrides anony so the end result is d: 2055XXXXXX. I want to use md5 so that I can still co-relate data-.
For props.conf even if I change order of the two properties the end result stays the same. Removing anony_raw makes no changes to the original information.
... View more
05-25-2020
06:11 AM
https://answers.splunk.com/answers/614339/transform-field-in-sha256-before-indexation.html suggests this cannot be done.
... View more
05-25-2020
06:03 AM
I exactly want this. I changed anony_raw so as to include data before and after. However, the hash is not applied. The script only adds XXX to d instead of calculating hash.
props.conf
INDEXED_EXTRACTION = json
KV_MODE = none
TRANSFORMS-anony = anony, anony_raw
Transforms.conf
[anony]
INGEST_EVAL = d=md5(d)
WRITE_META = true
[anony_raw]
REGEX = (?m)^(.*)(\"d\":\s*\")(\d{4})\d+\"(.*)
FORMAT = $1$2$3XXXXXX"$4
DEST_KEY =_raw
... View more
05-25-2020
12:28 AM
Since the actual data is only available to the admin, does it mean that only admin will create the dashboards while other users use customer index?
... View more
05-25-2020
12:21 AM
Thank you for your answer.
d is single valued.
However, I cannot use this solution as I would not be able to perform commands like "|stats count by d" since the indexed value of d will be changed. I want d to be anonymized for all the users but splunk should be able to internally use it.
... View more
05-22-2020
05:13 AM
I have a json event with an id which I want to anonymize. However, I have to be able to perform stats/count/grouping and other analytics on this id later. In short, I want to hide this id for the users but should be able to be used internally by Splunk. Is this possible?
My event looks something like this:
{"duration":0.33,"a":"login","i":"50050","d":"2055502349","c":"LIVE","@timestamp":"2020-05-22T01:59:59.601Z"}
I want to anonymize "d" id.
... View more
Labels
- Labels:
-
JSON
11-15-2019
06:07 AM
I am uploading the file manually for testing but these settings do not work. Also without FIELD_DELIMITER there is no recognition of different fields. Is it possible to see the effect on manually uploaded file?
... View more
11-12-2019
07:35 AM
I have a "!" seperated file without a header. I want to import it in Splunk. However Splunk by default takes the first event as the header and all other events below. I want to manually name the fields in the sourcetype. I was wondering if this is possible.
So far, my sourcetype looks like this:
[ ca_csv ]
SHOULD_LINEMERGE=true
LINE_BREAKER=([\r\n]+)
NO_BINARY_CHECK=true
CHARSET=UTF-8
DELIMS=!
FIELDS=a1,a2,a3,a4,a5
FIELD_DELIMITER=!
category=Custom
disabled=false
pulldown_type=true
CHECK_FOR_HEADER=False
However, this does not rename the fields as a1,a2,a3,a4,a5. I have 5 fields per event.
Sample data
L01!0112!11493!20191111000012!1149385630101120002012812019111032019111020191110690952404800415;201911
L02!0112!11493!20191111000012!0003M00BF000001010020191111000012D823AIB000000bR0FFF0001
L03!0112!114938563!20191111000013!0003M0036010001000020191110230005D823O07F L04!0112!114938563!20191111000014!025092664050002011201281201911111000114
... View more
09-30-2019
06:36 AM
Go to the next step of Input Settings and come back and you will see the changes. This is a bug.
... View more
06-17-2019
06:02 AM
1 Karma
Thank you that works perfectly! 🙂
... View more
06-17-2019
05:04 AM
I have two searches :
Duration for which a device uses the system
index=device | fields device_start_time,device_end_time,device_id, duration, system_id
Time for which system is running
index=system | fields system_start_time,system_end_time, system_id, system_spec1,sstem_spec2,system_spec3
Now each device runs at different time, each system runs at different time. The multiple devices can subscribe to one running system at a time and assumes the specifications of the system. System have different specifications for different system_start and system_end times. So the results should contain co-related events for each device such that like device_start_time>=system_start_time AND device_end_time<=system_end_time AND system_id matches
Final result:
device_id,system_id,system_spec1,system_spec2,system_spec3
... View more
06-03-2019
08:04 AM
https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Addsparklinestosearchresults
... View more
05-17-2019
06:28 AM
I removed Indexed extractions from the prop.conf on UF. And that resolved my issue.
... View more
04-18-2019
12:49 AM
I have these settings on props.conf on UF. Is that the problem that I need to put these settings on SH?
... View more
04-17-2019
07:17 AM
This is not a multivalued field. This is a single valued field. All fields except the date field are affected. I want all the fields to appear as single valued field. The json data has getting wrongly doubled values.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
