×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
william_choo
Explorer
Member since: ‎05-24-2021
‎06-10-2021
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎05-24-2021
View All

Re: How to retrieve a field named as "source" in a...

by in Splunk Search
‎06-09-2021 09:53 PM
‎06-09-2021 09:53 PM
Thank you! That did it! ... View more

Re: How to retrieve a field named as "source" in a...

by in Splunk Search
‎06-08-2021 11:17 PM
‎06-08-2021 11:17 PM
Hi, Thanks for your help with the renaming of source field ... source{} did the trick! However, I was reading up List - Splunk Documentation and still trying to retrieve the source IP address and source port from this field via source{}[0] and source{}[1], but I'm still struggling with trying to get this. Can you pls share how this can be done correctly? Thank you! "source": ["222.186.42.164", 4780], ... View more

How to retrieve a field named as "source" in a sea...

by in Splunk Search
‎06-08-2021 09:56 PM
‎06-08-2021 09:56 PM
Hi, I was able to do a search using this SPL index="myapp_index" source="d:\\splunk\\test.json" | spath input=payload | fields _id ident source | head 10 for the following data, but the problem I have is the "source" is giving me "d:\\splunk\\test.json" instead of the source with the IP address... What do I need to do to extract the source and/or ignore the "source" for the filename?   ... View more
Labels

Re: Searching for data from different log files wi...

by in Splunk Search
‎06-01-2021 11:39 PM
1 Karma
‎06-01-2021 11:39 PM
1 Karma
Hello @bowesmana  Thank you for the advice! Yes I've actually been doing quite a bit of 'unstructured' learning, hopping here and there and also viewing youtube tutorials... I guess I was speeding thru the search fundamentals and missed out some essentials. I was able to create my own Splunk app to ingest some logs but realized I didn't fully understand some of the basics which were crucial for analysis. Thanks once again for the links! ... View more

Searching for data from different log files with s...

by in Splunk Search
‎06-01-2021 08:53 PM
‎06-01-2021 08:53 PM
Hi, I'm new to Splunk here...   I have a local instance of Splunk Enterprise on my local machine where I've created a data input via Data Input > Files & Directories, and then created an Index which I then map the data input to. Within this folder, I've dumped various types of log files from different formats / types of web servers e.g. Apache webserver and IIS , even JSON-formatted log files for analysis.  When I do search for a field name that exists in log files from different formats, does the search results come out for both? Is there any link/doc that explains the best practices or how Splunk behaves with regards to how data is indexed in this circumstance? Thanks in advance. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-10-2021 03:10 AM
Karma from
View All