×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
s0m073r
Engager
Member since: ‎12-21-2019
‎06-05-2020
Community Statistics
Posts 13
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎12-21-2019
Activity Feed
View All

Re: need help with forming a regex command for ext...

by in Splunk Search
‎05-27-2020 01:11 PM
‎05-27-2020 01:11 PM
Use erex... https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/Erex#Examples ...| erex examples="x-hello-abc" Then view the regex generated by Splunk via the job inspector. ... View more

Re: how to use the rex command to extract data whe...

by in Splunk Search
‎02-07-2020 07:56 AM
‎02-07-2020 07:56 AM
Glad to help! ... View more

Re: what regex command i can use in order to creat...

by SplunkTrust in All Apps and Add-ons
‎01-27-2020 05:53 AM
1 Karma
‎01-27-2020 05:53 AM
1 Karma
This worked for me in regex101.com using your sample data. rex "ag-somethin-id\":\[\"(?<somethin>[^\"]+)" ... View more

Re: How can we send the entire error stack from ap...

by in Alerting
‎12-24-2019 10:36 AM
‎12-24-2019 10:36 AM
Splunk by default cannot do event aggregation in this way, HOWEVER, ArcSight NiFi , and cribl can. In the case of ArcSight , they do not charge for the use of their connectors which do this aggregation function but probably using them without using the entire product is a violation of their TOS. In the case of cribl it is super easy but it does cost money (let me know if you need help, we are a VAR). In the case of NiFi , it is complicated but free. The "right" answer is probably cribl because it is specifically built for doing this kind of thing and connecting to Splunk. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All