cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
hurryupfool123
Explorer
Member since: ‎10-15-2020
‎05-09-2023
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎10-15-2020
Activity Feed
View All

Re: replacing values with "*****"

by in Splunk Search
‎10-27-2020 11:20 AM
‎10-27-2020 11:20 AM
thank you!  don't know why I didn't think of that!  ... View more

replacing values with "*****"

by in Splunk Search
‎10-27-2020 10:09 AM
‎10-27-2020 10:09 AM
I have a field "users" that spits out the result "*****"  I want to replace the ***** with an IP address its actually related to...  i.e. replace ***** with (12.13.12.13). so that when ever ****** pops up on my table its replaced with the IP's above. but everytime I search I get a failure stating I can't use consecutive ******   |replace "*****" with  (12.13.12.13)   how can I literally reference ***** as a strings instead of SPL thinking I am saying to search anything bc of the ******    ... View more
Labels

Re: Searching for a specific Expression

by in Splunk Search
‎10-15-2020 11:35 AM
‎10-15-2020 11:35 AM
hey buddy!   thank for taking the time.  unfortunately it has not worked.  the REX is stilling pulling single digit after the %ASA  For some reason I think the first dash fools the system into thinking the first "-6-" count as part of the whole 6 digits I am trying to pull within the data above.   for some reason I need to cancel the first "-" so that it only takes expressions within the second "-" I hope I am making sense.  ... View more

Searching for a specific Expression

by in Splunk Search
‎10-15-2020 10:16 AM
‎10-15-2020 10:16 AM
Splunkers I am new to the community and learning the Art of splunk!  I am searching raw data from a syslog server,  the data that I am pulling usually looks like this.  I post most of the data in case its needed.  but most of the data that's security relevant has been replaced by ficticious characters.    My focus is the "%ASA-6-106100" within the message log.  I want to be able to pull only the six digits in the string "106100"  So far I was able to develop a few Regular expression but in the process it pulls all the numbers that are place where the the "-6-" belongs.  which takes my data and makes it messy I want to tell splunk to only search data with 6 charactors and that's it.  index=syslog sourcetype=syslongisamazing "ASA" | rex field=Event_type_code ^(?<Events_code>\. \d\d\d\d\d\d) | table Event_Code_type This helps but like mentioned is pulls even the middle code withint my data.    Thanks for your help community.  2020-10-IST10:04:10.339 192.168.264.264|192.168.162.321| MFRTRSyslog0453 <234>Oct 15 2020 08:04:10 xxxx-xxxx0234: %ASA-6-106100: --> access-list xxxx-xxx-xxxx001_access_in permitted tcp xxx-x-xx-xxxxx  1.1.1.1(3454) hit-cnt 1 hit [oxbc660c9] [ox3a234t435a7f]     ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-09-2023 05:06 PM
Karma given to
View All