cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
CaptainPiPoTron
Engager
Member since: ‎09-05-2020
‎09-06-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-05-2020
Activity Feed
View All

Re: Dynamic parsing ?

by in Splunk Dev
‎09-06-2020 05:32 AM
‎09-06-2020 05:32 AM
@ITWhisperer  it's why i post here 😉 i don't know how to do it ..  ... View more

Re: Dynamic parsing ?

by in Splunk Dev
‎09-06-2020 05:19 AM
‎09-06-2020 05:19 AM
hey @ITWhisperer  "result" field must contain a specific value "depending on event id" like in example  if ID = 5 i want that my field "Result" is egal to the value of productB. (Result = Screw11) if ID = 6 i want that my field "Result" is egal to the value of productD. (Result = Screw9) if ID = 240 i want that my field "Result" is egal to the value of productB. (Result = Screw11) if ID = 499 i want that my field "Result" is egal to the value of productB. (Result = Screw11) and so on.. thanks 😉 ... View more

Re: Dynamic parsing ?

by in Splunk Dev
‎09-06-2020 04:54 AM
‎09-06-2020 04:54 AM
@ITWhisperer  "result" it's just the name of the field which contains the value of productA or ProductB or ProductX  according to the number ID ... View more

Re: Dynamic parsing ?

by in Splunk Dev
‎09-05-2020 04:17 PM
‎09-05-2020 04:17 PM
@anilchaithu   thanks for your answer ! 😀 but i think i can't do an auto lookup with FIELDS ID & RESULT (if i understand correctly the lookup table) because i don't know the value of productA before i got it in the event ..and it can be anything example : productA could be screw 50 or hammer 60 etc... and yes i want the Result field as an indexed field 🤗 ... View more

How to dynamically parse a field?

by in Splunk Dev
‎09-05-2020 05:09 AM
‎09-05-2020 05:09 AM
Hello, 😊 i'm new on splunk and i want to know the best way to accomplish the following task IINFORMATION INPUT : i have DATA in xml format in the event  the value of ID can be between 1 and 500 in the event there is at least 15 ProductX  (it's can be ProductA, ProductB, ProductC, ... ,ProductZ) ProductX can be use for 300 differents ID     <EventData> <Data Name="ID">5</Data> <Data Name="ProductA">Screw 16</Data> <Data Name="ProductB">Screw 11 </Data> <Data Name="ProductC">Screw G</Data> <Data Name="ProductD">Screw 9</Data> ... ... </EventData>     GOAL : i want dynamically parse a field called "Result" which depends of the ID which is in the event EXAMPLE : if ID = 5 i want that my field "Result" is egal to the value of productB. (Result = Screw11) if ID = 6 i want that my field "Result" is egal to the value of productD. (Result = Screw9) if ID = 240 i want that my field "Result" is egal to the value of productB. (Result = Screw11) if ID = 499 i want that my field "Result" is egal to the value of productB. (Result = Screw11) and so on.. i try to do the parsing with prop.conf file and trabsforms.conf with INGEST_EVAL and IF and OR but no joy.. any solutions / advices for saving performances / best way to do this please? Thx !! 😘     ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-06-2020 05:15 PM
Karma given to
View All