×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
dmt_admin
New Member
Member since: ‎03-29-2019
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-29-2019
View All

Re: How do you extract a field from known text (wi...

by in Splunk Enterprise
‎03-29-2019 10:08 AM
‎03-29-2019 10:08 AM
This is working! Thank you so much! Could this command be modified to accommodate numbers greater than 9? Just out of curiosity could this be accomplished without the rex command? I feel like I was wayyy off. I was looking at the match and like commands along with eval . Your command is so short and simple. Also within the search bar, is there any way to use a wildcard to select "port (port number)"? I have tried "port *" but that doesn't seem correct. I greatly appreciate your help. ... View more

How do you extract a field from known text (with v...

by in Splunk Enterprise
‎03-29-2019 08:45 AM
‎03-29-2019 08:45 AM
I am trying to "extract" the port number as a field that I can use to build a pie chart (or time chart) that simply contains the number of times a specific port is mentioned. It seems like it would be SO simple, yet I can't seem to figure out the syntax. I would ultimately like to end up with a field that simply contains either the port number or the words "port (the port number)". I have included a sample of the events below. Mar 28 13:06:43 10.0.1.35 Mar 28 13:03:44 STP: MSTI0: New root on port 7, root path cost is 20010, root bridge id is 32768.CC-2D-E0-51-7B-8C Mar 28 13:06:39 10.0.1.35 Mar 28 13:03:40 STP: msti 0 set port 8 to forwarding Mar 28 13:06:39 10.0.1.35 Mar 28 13:03:40 STP: msti 0 set port 8 to learning Mar 28 13:06:36 10.0.1.35 Mar 28 13:03:38 STP: msti 0 set port 8 to discarding Mar 28 13:06:36 10.0.1.35 Mar 28 13:03:38 Port: link state changed to 'up' (1G) on port 8 Mar 28 13:06:35 10.0.1.35 Mar 28 13:03:36 STP: msti 0 set port 9 to forwarding Mar 28 13:06:35 10.0.1.35 Mar 28 13:03:36 STP: msti 0 set port 9 to learning Mar 28 13:06:35 10.0.1.35 Mar 28 13:03:36 STP: msti 0 set port 7 to forwarding Mar 28 13:06:35 10.0.1.35 Mar 28 13:03:36 STP: msti 0 set port 7 to learning Mar 28 13:06:33 10.0.1.35 Mar 28 13:03:34 STP: msti 0 set port 7 to discarding Mar 28 13:06:33 10.0.1.35 Mar 28 13:03:34 Port: link state changed to 'up' (1G) on port 7 Mar 28 13:06:33 10.0.1.35 Mar 28 13:03:34 STP: msti 0 set port 9 to discarding Mar 28 13:06:33 10.0.1.35 Mar 28 13:03:34 Port: link state changed to 'up' (1G) on port 9 Mar 28 13:06:32 10.0.1.35 Mar 28 13:03:33 Port: link state changed to 'down' on port 8 Mar 28 13:06:30 10.0.1.35 Mar 28 13:03:32 STP: msti 0 set port 8 to discarding Mar 28 13:06:30 10.0.1.35 Mar 28 13:03:32 Port: link state changed to 'up' (1G) on port 8 Mar 28 13:06:28 10.0.1.35 Mar 28 13:03:30 Port: link state changed to 'down' on port 9 Mar 28 13:06:28 10.0.1.35 Mar 28 13:03:30 Port: link state changed to 'down' on port 7 Mar 28 13:06:27 10.0.1.35 Mar 28 13:03:28 STP: msti 0 set port 8 to discarding Mar 28 13:06:27 10.0.1.35 Mar 28 13:03:28 Port: link state changed to 'down' on port 8 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM