cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
CyberWolf
Path Finder
Member since: ‎10-23-2024
2 weeks ago
Community Statistics
Posts 12
Solutions 0
Karma Given 13
Karma Received 2
Member Since ‎10-23-2024
Activity Feed
View All

Re: regex address

by in Splunk Search
3 weeks ago
3 weeks ago
Thank you all it worked! (Grazie mile!) YEAHHH ... View more

Re: regex address

by in Splunk Search
3 weeks ago
3 weeks ago
example from the raw logs: "address":"1234 Nothing 2C Avenue","city":"something","state":"RD" would like to have field name Address Address 1234 Nothing 2C Avenue City something state RD all that in one field so ignore the " , and : What i have index=something | rex field=_raw "address\"\:\"(?<address>.*?)\"\,\" which shows field name: address 1234 Nothing 2C Avenue","city":"something","state":"RD" ... View more

Re: regex address

by in Splunk Search
3 weeks ago
3 weeks ago
all in a single field so i can used later to dc (distinguish count)  ... View more

Re: regex address

by in Splunk Search
3 weeks ago
3 weeks ago
correct it comes in json and i dont have control of it, but im trying to have is address city and state to be all in the field and ignore coma quotes and : ... View more

Re: regex address

by in Splunk Search
3 weeks ago
3 weeks ago
thanks but i think i wasn't clear what im trying to do is that all that to be in one field called (?<address>) not separated with city and state ... View more

regex address

by in Splunk Search
3 weeks ago
3 weeks ago
im trying to capture address, city and state that are in one line but they have ", : and , i would like to excluede (Quotes Coma and Colon) see test example below 12345 noth test Avenue","city":"test","state":"test", ... View more
Labels

Re: Multiple Domains

by in Splunk Enterprise Security
‎11-08-2024 07:20 AM
‎11-08-2024 07:20 AM
Yap it makes since now, it worked thanks! ... View more

Re: Multiple Domains

by in Splunk Enterprise Security
‎11-08-2024 07:07 AM
‎11-08-2024 07:07 AM
its a good idea, but in my case i don't know what domains they will be in the _raw, so i cant predict the list. Some events have one domain and it captured but the next event has 5, next will have 12 and each event has different domains on the raw. ... View more

Multiple Domains

by in Splunk Enterprise Security
‎11-08-2024 05:49 AM
‎11-08-2024 05:49 AM
I have an SPLQ that im trying to collect all domains from a raw logs, but my regex is capturing only one domain. in a single event, some events have one url some of them have 20 and more, how do i capture all domains, please advice? SPLQ .............. | rex field=_raw "(?<domain>\w+\.\w+)\/" | rex field=MessageURLs "\b(?<domain2>(?:http?://|www\.)(?:[0-9a-z-]+\.)+[a-z]{2,63})/?" | fillnull value=n/a | stats count by domain domain2 MessageURLs _raw ... View more
Labels

Re: Compare results from same field

by in Splunk Search
‎10-24-2024 05:08 AM
1 Karma
‎10-24-2024 05:08 AM
1 Karma
Thanks Everyone for fast response! ... View more

Re: Compare results from same field

by in Splunk Search
‎10-23-2024 06:28 AM
1 Karma
‎10-23-2024 06:28 AM
1 Karma
It worked! thank you! ... View more

Compare results from same field

by in Splunk Search
‎10-23-2024 05:14 AM
‎10-23-2024 05:14 AM
I'm using cmd |iplocation src, and the results produce results for the City. Next i want to compare each City and report when results is different. Example when result for a City is Miami and next hour or so  in the same field for the City is Boston. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
2 weeks ago
Karma from
View All
Karma given to