Did some testing on regex101.com and this "looks" like it works, but the events are still coming in and being ingested into Splunk. So I'm missing something. Tried many versions of the example above, and regex101.com doesn't validate everything as it should be. Should I not use Regex101.com for Splunk regex?
So out of the events coming in I don't want any with these matching phrases:
“Request is valid”
“validating the [\w-]+ header field. value:”
“Validated service ticket”
“getAppActiveAndSecretResult:”
“getSystemSetupHandler:”
“validating the required header fields.”
Example Log Data:
2017-05-25 23:22:31,422 INFO (vert.x-eventloop-thread-4) ?.: TID: b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - Request is valid
2017-05-25 23:22:31,422 INFO (vert.x-eventloop-thread-4) ?.: TID: b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - validating the ur-content-checksum header field. value: IRHP9g6wxkouF35KI1DUmg==
2017-05-25 23:22:31,422 INFO (vert.x-eventloop-thread-4) ?.: TID: b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - Validated service ticket
2017-05-25 23:22:31,422 INFO (vert.x-eventloop-thread-4) ?.: TID: b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - validating the ur-user-name header field. value: dp_prod_loader
2017-05-25 23:22:31,422 INFO (vert.x-eventloop-thread-4) ?.: TID: b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - validating the ur-requesting-service header field. value: ur.java.client
2017-05-25 23:22:31,422 INFO (vert.x-eventloop-thread-4) ?.: TID b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - getAppActiveAndSecretResult: 2 ms
2017-05-25 23:22:31,420 INFO (vert.x-eventloop-thread-4) ?.: TID b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - getSystemSetupHandler: 1 ms
2017-05-25 23:22:31,419 INFO (vert.x-eventloop-thread-4) ?.: TID: b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - validating the ur-app-id header field. value: DIGITAL_PLATFORM
2017-05-25 23:22:31,419 INFO (vert.x-eventloop-thread-4) ?.: TID: b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - validating the ur-request-date header field. value: 2017-05-25 23:22:30.963 -0700
2017-05-25 23:22:31,419 INFO (vert.x-eventloop-thread-4) ?.: TID: b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - validating the required header fields.
props.conf
[default]
TRANSFORMS-null= setnull
transforms.conf
[setnull]
REGEX = Request is valid|getAppActiveAndSecretResult|getSystemSetupHandler|validating the [\w-]+ header field|Validated service ticket
DEST_KEY = queue
FORMAT = nullQueue
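An offline check of the posted `[setnull]` REGEX against the sample messages, added here as an example and not part of the original post. It assumes Python's `re` behaves like Splunk's PCRE for this pattern and that the transform is an unanchored search over the raw event text; the ERROR event and the helper names are constructed for illustration.

```python
import configparser
import re

# transforms.conf stanza exactly as posted above.
TRANSFORMS_CONF = r"""
[setnull]
REGEX = Request is valid|getAppActiveAndSecretResult|getSystemSetupHandler|validating the [\w-]+ header field|Validated service ticket
DEST_KEY = queue
FORMAT = nullQueue
"""

PREFIX = "2017-05-25 23:22:31,422 INFO (vert.x-eventloop-thread-4) ?.: TID: b47d618c-a5fc-4d41-a7a2-b1c0fae15dc0 - "

# One message per unwanted phrase, text taken from the log data in the post
# and placed on a common prefix.
UNWANTED = [PREFIX + m for m in (
    "Request is valid",
    "validating the ur-content-checksum header field. value: IRHP9g6wxkouF35KI1DUmg==",
    "Validated service ticket",
    "getAppActiveAndSecretResult: 2 ms",
    "getSystemSetupHandler: 1 ms",
    "validating the required header fields.",
)]
# Constructed event (not from the post) that must survive the filter.
WANTED = [PREFIX.replace("INFO", "ERROR") + "Service ticket validation failed"]


def load_null_filters(conf_text):
    """Return {stanza: compiled REGEX} for stanzas that route to nullQueue."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep Splunk's upper-case key names
    parser.read_string(conf_text)
    return {
        name: re.compile(parser[name]["REGEX"])
        for name in parser.sections()
        if parser[name].get("DEST_KEY") == "queue"
        and parser[name].get("FORMAT") == "nullQueue"
    }


def route(event, filters):
    """Name the queue an event lands in: unanchored search over the raw text."""
    hit = any(rx.search(event) for rx in filters.values())
    return "nullQueue" if hit else "indexQueue"


if __name__ == "__main__":
    filters = load_null_filters(TRANSFORMS_CONF)
    for event in UNWANTED + WANTED:
        print(f"{route(event, filters):10}  {event[-60:]}")
```

If every unwanted event routes to nullQueue in this check, the pattern is matching and the cause lies outside the regex.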