×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
trent6
Explorer
Member since: ‎05-18-2010
‎06-11-2022
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎05-18-2010
Activity Feed
View All

Re: Trying to parse Event to get 3rd item and piec...

by in Splunk Search
‎06-09-2022 12:59 PM
‎06-09-2022 12:59 PM
Actually, as I look at the files, they are all CSV.  and the item that I want is th 3rd or 4th item. How do i Splunk Free to just read the filess as csv and treat them as columns?  This should be very simple. Take a months worth of web logs and parse them in to fields based on CSV and allow me to do some basic queries.... How do I read them in as simple csv? ... View more

How to parse Event to get 3rd item and pieces of 3...

by in Splunk Search
‎06-09-2022 09:54 AM
‎06-09-2022 09:54 AM
I have a collection of log files that I am trying to parse.  Quick summary: From Apache/Tomcat using logback I don't have permission to change the layout of the log files at the moment but can work on that Event field from the quick parse seems to hold a lot of data that could be separated out into "Fields" via comma separation.   I seem to need the 3rd item in Event if we could parse them by comma Is there an easy way to do that in the query syntax? The Event section looks like: date,  something about a filter, THE URL THAT I WANT, other junk etc 2022-05-01 23:15:24,  calling SSO: null, /topUrl/rest/services/folder/servicename/command?moreinfoEtc, referer: Null, request ip: 10.xxx.xxx.xxx So, I'd love to get statistics on  topURL ServiceName Any help would be great.   ... View more
Labels

Re: Splunk configured with new VMs

by in Reporting
‎05-20-2010 12:54 PM
‎05-20-2010 12:54 PM
This solution worked. We've configure this into the template and created several new machines with no problems. Thanks ... View more

Splunk configured with new VMs

by in Reporting
‎05-18-2010 03:53 PM
1 Karma
‎05-18-2010 03:53 PM
1 Karma
I am attempting to setup Splunk on a VM that will become a VM template. I have run sysprep and made it a template. I create a new VM from the template, and it receives new machine name and IP address. The problem is that when it reports to Splunk, it has shows up under the old Hostname entry. I see current entries that state : Host: oldName , Computername: oldName and other entries that state Host: oldName, Computername: newName We are forwarding Windows event logs to a master Listener. I see at least 3 places where the machine name is configured. Inputs.conf and 2 different server.conf files. What is the best way for us to automate this? Thanks, Trent ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-11-2022 01:25 AM
Karma from
View All