cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ApurvaB
Engager
Member since: ‎08-14-2014
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 4
Karma Received 0
Member Since ‎08-14-2014
Activity Feed
View All

Re: How do I filter (using regex) only particular ...

by in Splunk Search
‎08-27-2014 08:03 AM
‎08-27-2014 08:03 AM
Thanks for your response. Each if my event contains a line count of about 40-50. If I use ^(NOTE|ERROR|WARN) it gives me only the first line of every log file. Do I need to use a multi-line character in my regex? Something like (?m)^(NOTE|WARN|ERROR) But this doesn't seem to filter correctly for me. Do you know any reason why this might happen? ... View more

How do I filter (using regex) only particular line...

by in Splunk Search
‎08-27-2014 06:58 AM
‎08-27-2014 06:58 AM
I am using Splunk forwarder to receive log files from multiple monitors. I need to filter events, based on a regex, from one particular monitor. Is there a way I can do that? I cannot use the RegEx in the Search filed of Splunk Web as it will apply it to the events coming from all the monitors. To be specific, my inputs.conf file has following monitors: [monitor:/// /Monitor1] disabled = false followTail = true index = myIndex whitelist = .log$ [monitor:/// /Monitor2] disabled = false followTail = true index = myIndex whitelist = .log$ Files from Monitor1 contain lines that begin with [NOTE/WARN/ERROR] and other lines that don't. I am only interested in the lines that being with [NOTE/WARN/ERROR] and want to filter out the other lines so that they don't appear in the search results on Splunk Web. Is there a way I can achieve this? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to