Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About aherrington
aherrington
Path Finder
Member since:
09-04-2018
01-28-2022
Community Statistics
| Posts | 16 |
| Solutions | 1 |
| Karma Given | 2 |
| Karma Received | 1 |
| Member Since | 09-04-2018 |
Activity Feed
- Karma Re: Unable to get Enterprise License Free Trial for Marco. 05-21-2021 12:40 PM
- Karma Re: Unable to get Enterprise License Free Trial for s2_splunk. 05-21-2021 12:40 PM
- Posted Re: Unable to get Enterprise License Free Trial on Installation. 05-21-2021 11:17 AM
- Posted Unable to get Enterprise License Free Trial on Installation. 05-21-2021 08:00 AM
- Got Karma for Re: How do I select first and second match as separate fields using Rex?. 06-05-2020 12:49 AM
- Posted Re: Omitting matching fields unless blank on Splunk Search. 04-05-2019 06:33 AM
- Posted Omitting matching fields unless blank on Splunk Search. 04-05-2019 04:28 AM
- Tagged Omitting matching fields unless blank on Splunk Search. 04-05-2019 04:28 AM
- Tagged Omitting matching fields unless blank on Splunk Search. 04-05-2019 04:28 AM
- Tagged Omitting matching fields unless blank on Splunk Search. 04-05-2019 04:28 AM
- Tagged Omitting matching fields unless blank on Splunk Search. 04-05-2019 04:28 AM
- Tagged Omitting matching fields unless blank on Splunk Search. 04-05-2019 04:28 AM
- Posted Re: How do I select first and second match as separate fields using Rex? on Splunk Search. 10-02-2018 02:49 AM
- Posted Re: How do I select first and second match as separate fields using Rex? on Splunk Search. 10-01-2018 08:15 AM
- Posted Re: How do I select first and second match as separate fields using Rex? on Splunk Search. 10-01-2018 05:18 AM
- Posted How do I select first and second match as separate fields using Rex? on Splunk Search. 10-01-2018 02:45 AM
- Tagged How do I select first and second match as separate fields using Rex? on Splunk Search. 10-01-2018 02:45 AM
- Tagged How do I select first and second match as separate fields using Rex? on Splunk Search. 10-01-2018 02:45 AM
- Posted Re: IF statements to determine which table to format in on Splunk Search. 09-05-2018 04:21 AM
- Posted Re: IF statements to determine which table to format in on Splunk Search. 09-04-2018 08:46 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
05-21-2021
11:17 AM
Thanks, I’ll try applying for a dev license. A shame I can’t get an enterprise license in the meantime though
... View more
05-21-2021
08:00 AM
Hello, I am trying to get hold of an Enterprise License Free Trial in order to run Boss of the SOC on my VM. When I navigate to https://www.splunk.com/en_us/download/splunk-enterprise.html the page keeps reloading.. I made a new account to check that I hadn't already used my free trial, and clicking the Enterprise 60 day trial just gives me a free trial to Splunk Cloud.. Has the Enterprise Free Trial gone? How can I go about getting a license? Thanks,
... View more
Labels
- Labels:
-
license
04-05-2019
06:33 AM
Ended up having to convert one of my fields using the eval field=tostring(field1) to get the comparison to work in the end, but it worked as expected. Thanks.
... View more
04-05-2019
04:28 AM
Hello,
I'm trying to omit rows that contain matching fields, unless those fields are blank. Example syntax below:
| where field1 != field2 UNLESS field1=" "
Obviously the UNLESS won't work, but I've put it in there for arguments sake. An OR doesn't work in the above syntax, as if field1 is blank, field2 is blank too which would make the NOT EQUALS result in omitting the row.
... View more
10-02-2018
02:49 AM
Hello, apologies it was an error from a different function that threw up the error. This worked perfectly, thank you for your help
... View more
10-01-2018
08:15 AM
That almost works, although I can't guarantee that there will always be 2, sometimes there will be 3 or 4. I need to make sure it only selects the first 2.
... View more
10-01-2018
05:18 AM
1 Karma
Thanks for your answer, that works to get the result on different rows, however I need the result to be in separate fields.
Can this method be adapted for that?
Thanks,
... View more
10-01-2018
02:45 AM
Hello,
I have 1 field in Splunk which contains 2 short email headers in plain-text, for example:
**From**: Me (me@me.com)
**Sent**: 28 September 2018 17:42
**To**: You (you@you.com)
**Subject**: This is the first email
**From**: Me (me@me.com)
**Sent**: 28 September 2018 18:42
**To**: You-aswell (you-aswell@you.com)
**Subject**: This is the second email
There is more text after the 2 short email headers.
I would like to use Rex to select the 2 Sent times, i.e:
rex field=output "Sent: (?<sent_time_1>.*)"
rex field=output "Sent: (?<sent_time_2>.*)"
How do I select in the rex function which match to select? As an FYI, there may be text before the headers so selecting the line number wouldn't be an option.
Thanks,
... View more
- Tags:
- rex
- splunk-enterprise
09-05-2018
04:21 AM
Hi all,
I used strcat to solve my problem in the end
https://docs.splunk.com/Documentation/Splunk/7.1.2/SearchReference/St
I decided my best method would be complete the time conversions separately as 2 fields, then combine them in to one field.
... View more
09-04-2018
08:46 AM
Thank you for your assistance, I will attempt this shortly, I think I may have to adapt some things but looks like it should work.
... View more
09-04-2018
08:01 AM
Hi there,
I'm wondering if it's possible to format a Splunk query like so:
IF results contains "this string" THEN use these formatting commands OR
IF results contains "a different string" THEN use these formatting commands
And if possible pull them all together in one table.
If it makes it easier to explain, I will try and use network logs as an example
e.g. say the logs are as follows:
scrip=10.0.0.1 08/31/2018 11:23:34 PM (GMT)
scrip=10.0.0.2 07-09-2018 23:33:57
index=network scrip=10.0.0.1 | convert time format OR index=network scrip=10.0.0.2 | different time format conversion | table bothtimeconversion
Ideally the final table would look like this:
scrip bothtimeconversion
10.0.0.1 09/07/2018 23:23:34
10.0.0.2 31/08/2018 23:33:57
I have already sorted the time conversion format, it's essentially how I would structure the different commands based on the different source IP.
Thank you in advance
... View more
09-04-2018
06:33 AM
Excellent I got it to work 🙂 - I added an hour to make it BST
eval unix_time=strptime(in_time, "%m/%d/%Y %I:%M:%S %p") + 3600 | eval time_out=strftime(unix_time, "%d/%m/%Y %H:%M") | fields out_time
Thank you for your help!
... View more
09-04-2018
06:11 AM
eval unix_time=strptime(in_time, "%m/%d/%Y %H:%M:%S" | fields unix_time
This is the command I have attempted but it throws up an error
... View more
09-04-2018
04:35 AM
I also have times in format 31 August 2018 22:21 - can this be converted to 31/08/2018 22:21?
Many thanks,
... View more
09-04-2018
03:13 AM
Hello,
I have a field called in_time with example output = 8/31/2018 10:21:59 PM (GMT)
I'd like this time (e.g. out_time) to be extracted and converted to read 31/08/2018 22:21:59
Can you help?
Many Thanks,
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-28-2022
03:55 AM
|
