cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
JM12
Explorer
Member since: ‎03-18-2021
‎03-24-2021
Community Statistics
Posts 4
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎03-18-2021
Activity Feed
View All

Re: Extract specific lines from Message

by in All Apps and Add-ons
‎03-18-2021 10:05 AM
‎03-18-2021 10:05 AM
Hey Richgalloway, This one helped!! thanks! if its not too much trouble is there a site where I can read up on the sed that is being filtered? it looks complex. Say I wanted to filter out not just the beginning line, where can I reference it to pick up other lines? is this similar to linux Awk? ... View more

Re: Extract specific lines from Message

by in All Apps and Add-ons
‎03-18-2021 10:03 AM
‎03-18-2021 10:03 AM
Hey Vardhan, I did that but I did not get anything, it did say missing a search command before the "^" ... View more

Extract specific lines from Message

by in All Apps and Add-ons
‎03-18-2021 09:04 AM
‎03-18-2021 09:04 AM
Hello All, I am just learning Splunk and using rex but could you guys help me with my syntax to assist me in extract specific information from the Message table? Here is my sample syntax: host="*<hostname>" EventCode=4624 OR EventCode=4724 | table _time host user Message | dedup user   Results in Message: "An account was successfully logged on.    Subject: Security ID: Account Name: Account Domain: LogonID: ETC"   I really just want to pull the first part where it says "An account was successfully logged on." Or the first part of any message that does not need include the rest of the Message after. I know the syntax of the search could most definitely be better but I am just learning how to do these searches so if anyone has a better recommendation on how to do these searches please let me know. Otherwise if you could recommend how to filter the rest out through rex, that would be awesome as well! Thank you all in advance! ... View more
Labels

Splunk Web Application Freezing

by in All Apps and Add-ons
‎03-18-2021 08:56 AM
‎03-18-2021 08:56 AM
Hello All, I have an issue in my environment where my Splunk Web interface is freezing/hiccuping . We have installed Splunk on a super server (overkill) Dell PowerEdge R640, yet it freezing while we are using it to pull data via WMI. We believe it is not the server causing this issue but configuration and possibly using WMI versus the Splunk Forwarders but we wanted to confirm with the community and see if there was another reason for this. Please let us know if anyone else has encountered this and have found a solution themselves. Thank you in advance! Specs for Power Edge R640: 2x Intel Xeon 20-Core Gold 6148 @ 2.4GHz CPU 256GB (8x 32GB DDR4) RAM 2x 1.6TB 2.5" SATA SSD PERC H730p w/ 2GB BBU Cache Quad-Port GbE Network Daughter Card iDRAC 9 Enterprise Redundant 750W PSU Bezel and Rail Kit   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-24-2021 02:22 AM
Karma given to
View All