Is this where I use RegularExpression or Xml Tag Extract?
I am trying to create a search that shows when this value is 1 or zero on issuepolicy and gathers the GUID in UIEvent.
Ideally a report that shows the UIEvent GUID and the 0 or 1 from issuepolicy.
My RegEx works... just not in Splunk or when extracting the field 😞
And when I tried to extract the XML, nothing seemed to notice the pipe:
[search index=mainSvr customers | xmlkv issueNews ]
03/09/2016 08:16:51 AM
8 lines omitted ...
Keywords=Classic Message=2016-03-09 08:16:51,752  INFO UIEvent [26fsvas-0316-4500-a9ca-f90d8c961f59] [(null)] [(null)] [(null)] - omghicom14thiswhoa /Response "<?xml version=\"1.0\" encoding=\"utf-8\"?><apiResponse><notices /><trainRide sessionID=\"31E90C35:1CF37F31:7A35FE:02EE4AD521B4:48E12:914CB7768\"><notices /><issueNews status=\"success\" historyID=\"27865\" issuepolicy=\"1\"><notices /></issueNews></trainRide></apiResponse>"
So I am confused: can I do this without having access to the server that Splunk lives on? I see some recommend changing the conf file to allow XML to be automatically parsed.
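An added example, not code from the original question or from Splunk, that pulls the UIEvent GUID and the issuepolicy value out of events shaped like the one quoted above by running two regexes over the raw Message text; the sample events, function names and field names are constructed for this example.

```python
import re
from typing import Optional

# GUID that follows "UIEvent [" in the Message text.
UIEVENT_RE = re.compile(r"UIEvent \[([^\]]+)\]")
# issuepolicy attribute. The XML is embedded in Message with escaped quotes
# (issuepolicy=\"1\"), so the backslash is optional: the same pattern also
# matches XML whose quotes have already been unescaped.
ISSUEPOLICY_RE = re.compile(r'issuepolicy=\\?"([01])\\?"')
# Assumption: in SPL the same two patterns can be applied with
# `rex field=Message "..."`, doubling the backslashes inside the quoted string.

# Constructed sample events modelled on the one in the question (not real data).
SAMPLE_EVENTS = [
    r'Keywords=Classic Message=2016-03-09 08:16:51,752  INFO UIEvent [26fsvas-0316-4500-a9ca-f90d8c961f59] [(null)] - /Response "<?xml version=\"1.0\"?><apiResponse><trainRide sessionID=\"31E90C35\"><issueNews status=\"success\" historyID=\"27865\" issuepolicy=\"1\"><notices /></issueNews></trainRide></apiResponse>"',
    r'Keywords=Classic Message=2016-03-09 08:17:02,004  INFO UIEvent [b8d1c0aa-0316-4500-a9ca-0f2e5d1c3a77] [(null)] - /Response "<?xml version=\"1.0\"?><apiResponse><trainRide sessionID=\"0A1B2C3D\"><issueNews status=\"success\" historyID=\"27866\" issuepolicy=\"0\"><notices /></issueNews></trainRide></apiResponse>"',
    # No issueNews element at all: this event must be skipped, not misreported.
    r'Keywords=Classic Message=2016-03-09 08:17:15,311  INFO UIEvent [c9e2d1bb-0316-4500-a9ca-1a3f6e2d4b88] [(null)] - /Response "<?xml version=\"1.0\"?><apiResponse><notices /></apiResponse>"',
]


def parse_event(line: str) -> Optional[dict]:
    """Return {'uievent_guid': ..., 'issuepolicy': 0|1}, or None if either is missing."""
    guid = UIEVENT_RE.search(line)
    policy = ISSUEPOLICY_RE.search(line)
    if not guid or not policy:
        return None
    return {"uievent_guid": guid.group(1), "issuepolicy": int(policy.group(1))}


def build_report(lines, wanted=(0, 1)) -> list:
    """One row per event whose issuepolicy is in `wanted`; unparseable events are dropped."""
    rows = []
    for line in lines:
        parsed = parse_event(line)
        if parsed and parsed["issuepolicy"] in wanted:
            rows.append(parsed)
    return rows


if __name__ == "__main__":
    for row in build_report(SAMPLE_EVENTS):
        print(f"{row['uievent_guid']}\t{row['issuepolicy']}")
```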
The search I made into an alert seems to function, but claims "There are no fired events for this alert.", yet every 15 minutes after the hour I receive the webhook at http://requestb.in/.
I am in the process of making an API to receive the JSON and parse it server-side. Is this what webhooks are designed for? Are there other tools I should be using to monitor errors made from a specific search? I want to compare them to previous days' data with the outlook of filtering new results to a specific list, then assigning the errors based on code classes to a list of developers that would likely work on such aspects of the project.
I am lost as to why my trigger is being triggered, but the trigger claims no events. Also, if what I am doing is the purpose of webhooks, is there other tooling built in to accomplish this?