About himanshu1

himanshu1 · ‎03-07-2023

Hello Friends, In a sourcetype , data are coming in from multiple hosts and host are residing in diff-2 time zones. In raw logs we can see time zone is also mentioned, I want to write a generic TIME_FORMAT for this. time stamps example : Mar 7 09:18:00 SGT: Mar 6 19:07:42 UTC: Mar 7 01:31:58.460 WST: Mar 7 09:13:17.384: I tried like TIME_FORMAT= %b %d %H:%M:%S.%Q %Z , WHICH IS NOT WORKING. %Z is not able to recognize time zone here , please help me with some other expression. Thanks in advance 🙂 Happy Splunking ! !

himanshu1 · ‎05-27-2022

Thank you so much for your valuable feedback. Query is working fine but it gets terminated if it encounters any invalid lookup. any workaround to fix this issue ? Thank You,

himanshu1 · ‎05-26-2022

Hi Friends, I am trying to list out all the available splunk lookups and want to display count of records present in each lookups. However i found rest command to list out all the lookups but how to get count of records for each lookup ? Rest command : | rest/servicesNS/-/-/data/lookup-table-files |table title I want to display count of records present in each lookup in another column. Is it possible to display with SPL? Requesting your valuable feedback and help. Thank you in advance. Himanshu

himanshu1 · ‎08-14-2021

@mayurr98 Hi , How to write regex for ip range and can we use wildcard here ? [setnull] REGEX = 192\.168\.10\.11 DEST_KEY = queue FORMAT = nullQueue Thanks in advance 🙂

Posts	4
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎04-21-2021

Online Status	Offline
Date Last Visited	‎03-07-2023 01:11 PM

Why is TIME_FORMAT not working?

How to list out all the lookups and display count ...

Why is TIME_FORMAT not working?

Re: How to list out all the lookups and display co...

How to list out all the lookups and display count ...

Re: Easiest way to exclude ingestion of events for...