Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About quangtran
quangtran
Explorer
Member since:
02-23-2022
11-13-2025
Community Statistics
| Posts | 11 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 0 |
| Member Since | 02-23-2022 |
Activity Feed
- Posted Re: Forward logs from Splunk A to Splunk B, restricted to hosts within a specific index. on Splunk Search. 11-14-2025 12:02 AM
- Karma Re: Forward logs from Splunk A to Splunk B, restricted to hosts within a specific index. for PrewinThomas. 11-14-2025 12:01 AM
- Posted Forward logs from Splunk A to Splunk B, restricted to hosts within a specific index. on Splunk Search. 11-13-2025 07:13 PM
- Tagged Forward logs from Splunk A to Splunk B, restricted to hosts within a specific index. on Splunk Search. 11-13-2025 07:13 PM
- Posted Re: How to replace a specific character? on Splunk Search. 01-15-2023 08:02 PM
- Karma Re: How to replace a specific character? for yeahnah. 01-15-2023 08:02 PM
- Karma Re: how to remove source on data summary for gcusello. 01-15-2023 06:32 PM
- Posted How to replace a specific character? on Splunk Search. 01-15-2023 06:30 PM
- Posted How to remove source on data summary? on Monitoring Splunk. 12-21-2022 10:51 PM
- Tagged How to remove source on data summary? on Monitoring Splunk. 12-21-2022 10:51 PM
- Posted Re: Alert Connection VPN from foreign on Alerting. 08-09-2022 01:15 AM
- Posted Re: how to filter interval in log on Splunk Enterprise. 08-09-2022 01:05 AM
- Posted Re: how to filter interval in log on Splunk Enterprise. 08-09-2022 01:02 AM
- Posted Re: how to filter interval in log on Splunk Enterprise. 08-09-2022 12:44 AM
- Posted How to filter interval in log? on Splunk Enterprise. 08-09-2022 12:34 AM
- Posted How to create an Alert Connection VPN from foreign source on Alerting. 02-23-2022 01:22 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-14-2025
12:02 AM
Thank you for your reply, it was really helpful. The solution works for forwarding logs from Splunk A to Splunk B, but it doesn’t seem to filter out non-UAT logs. In my var_log_*** indexes on Splunk B, I still see hosts that are not UAT. UAT hosts follow a naming pattern like uat-xyz-xyza. I have already placed the props.conf and transforms.conf configuration files into Splunk\etc\system\local.
... View more
11-13-2025
07:13 PM
I have a Splunk server (Splunk A) with indexes named var_log_***, which contain logs from both UAT and Prod hosts. I’d like to forward only the logs from UAT hosts to another Splunk instance (Splunk B). The condition is that the host field contains 'UAT'. Is there a way to achieve this? Thanks!
... View more
- Tags:
- question
01-15-2023
08:02 PM
thanks you, I think my regex is correct, but i don't replace a number and specific character with space
... View more
01-15-2023
06:30 PM
Hi, I have the below output : 1/16/2023 7:51:43 AM 1EE8 PACKET 000001D9C25E6180 UDP Rcv 10.8.64.132 646b Q [0001 D NOERROR] A (6)framer(3)com(0) UDP question info at 000001D9C25E6180 Socket = 940 Remote addr 10.8.64.132, port 55646 Time Query=9030678, Queued=0, Expire=0 Buf length = 0x0fa0 (4000) Msg length = 0x001c (28) Message: XID 0x646b Flags 0x0100 The desired output name=framer.com IP=10.8.64.132 I using regex: sourcetype=DNSlog |rex field=_raw "NOERROR]\W+(?P<name>.*)\sUDP \S.*\s Socket.*\s Remote addr\W+(?P<IP>.*)," | rex mode=sed field=name "s/[\d;()]+//g" |stats count by name IP My below code isn't working, can you please help me?
... View more
Labels
- Labels:
-
regex
12-21-2022
10:51 PM
Hi, I have the following problem:
Is there any way to remove these garbage sources, after one wrong log push, I had a lot of these garbage sources
... View more
- Tags:
- data summary
Labels
- Labels:
-
monitoring console
08-09-2022
01:15 AM
sorry, because this warning does not have enough log sources at the moment, i have not continued writing
... View more
08-09-2022
01:05 AM
thank you for the very detailed answer, but can't fix the real time problem at the moment
... View more
08-09-2022
12:44 AM
hello, I want to filter the period from last Friday to Thursday this week, thanks you
... View more
08-09-2022
12:34 AM
I have a search like this:
sourcetype = Grandstream | stats count by _time phone starttime answer endtime
result:
_time phone starttime answer endtime count
2022-08-09 14:30:42
xxx39xxxx
2022-08-04 14:33:58
2022-08-04 14:34:02
2022-08-04 14:34:02
1
2022-08-09 14:30:42
xxx394xxxx
2022-08-04 14:34:02
2022-08-04 14:34:02
2022-08-04 14:34:02
1
2022-08-09 14:30:42
xxx1394xxx
2022-08-04 14:34:03
2022-08-04 14:34:03
2022-08-04 14:34:09
1
2022-08-09 14:30:42
xxx1382xx
2022-08-09 14:28:52
2022-08-09 14:28:52
2022-08-09 14:29:25
1
But _time and starttime don't match because the log time is pushed wrong
is there a way to filter the starttime field by its time in a week from 0h Friday to 24h Thursday?
thanks
... View more
02-23-2022
01:22 AM
how to create an alert detect when there is a VPN connecting from the outside
... View more
Labels
- Labels:
-
alert action
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-13-2025
07:06 PM
|
