×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
rg33
Explorer
Member since: ‎07-25-2012
‎04-02-2024
Community Statistics
Posts 5
Solutions 1
Karma Given 4
Karma Received 7
Member Since ‎07-25-2012
Activity Feed
Topics I've Started
View All

Re: TA-pfsense 2.5 - not parsing events

by in All Apps and Add-ons
‎01-12-2023 12:25 PM
‎01-12-2023 12:25 PM
Adding into the thread as I am too having issues similar as reported.  I was at one point processing logs and extracting fields as expected, however, stopped a few days ago.  In outside tutorials and posts, I noted the timestamp listed in the logs is much different thank what I am seeing. Some sites show timestamp as: MMM d HH:MM:SS filterlog: {etc} However, my installation is producing logs in the following format: 1 YYYY-MM-DDTHH:MM:SS.084257+00:00 {pfSense DNS name} filterlog {etc} Following recommendations from other posts, it seemed the transforms.conf regular expression did not take into account this detailed timestamp.  I updated as follows and I am now extracting accurate source types but still working to get fields properly extracted through editing props.conf. \w{1}\s\w{4}-\w{1,2}-\w{1,2}T\d{1,2}:\d{1,2}:\d{1,2}\.\d{1,6}\+\d{1,2}:\d{1,2}\s(?:[\w.]+\s)?(\w+) I will post a follow up once I make more progress. ... View more

Re: compare fields for like match

by in Splunk Search
‎06-18-2019 07:30 AM
‎06-18-2019 07:30 AM
How would you get the time for which these two fields matched each other? Further, if it matches several times how would you get the first time they matched (earliest time)? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-02-2024 02:02 PM
Karma from
Karma given to
View All