×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
takarthik
New Member
Member since: ‎03-05-2015
‎07-30-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-05-2015
Activity Feed
View All

Re: How to edit my props and transforms.conf to fi...

by in Splunk Search
‎06-10-2016 07:14 AM
‎06-10-2016 07:14 AM
Thanks for your response Rich. I modified the REGEX accordingly and it matched in REGEX101.com ^10.45.(0.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))|([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5])).([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5])))$ On applying that in Splunk under transforms.conf that is not taking any effect. Not sure if I am missing anything in the props and transforms. transforms.conf [setnull] REGEX = \|dest\=^10.45.(0.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))|([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5])).([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5])))$\| REGEX = \|src\=^10.255.(0.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))|([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5])).([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5])))$\| DEST_KEY = queue FORMAT = nullQueue props.conf [sourcetype name] TRANSFORMS-set = setnull Please help. ... View more

How to edit my props and transforms.conf to filter...

by in Splunk Search
‎06-10-2016 12:25 AM
‎06-10-2016 12:25 AM
I am new to this concept. I am trying to filter the 10.0.0.0/8 subnet of logs from destination IP address field. I am trying to filter the logs in Splunk using props.conf & transforms.conf. Can you please help me in confirming if the applied props and transforms are correct, and also please let me know if the REGEX for filtering the destination IP address are correct. Configurations in the props.conf [Filter_Logs] TRANSFORMS-null = null, Filter_Logs Configurations in the transforms.conf, [null] REGEX = . DEST_KEY = queue FORMAT = indexQueue [Filter_Logs] REGEX = \|dest_ip\=^10.0.0.0/8$\| DEST_KEY = queue FORMAT = nullQueue Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-30-2020 04:10 AM