cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
adumbrys
Explorer
Member since: ‎08-18-2014
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎08-18-2014
Activity Feed
View All

Re: Splunk Field Extraction Error with Edited Rege...

by in All Apps and Add-ons
‎08-22-2014 06:14 AM
‎08-22-2014 06:14 AM
Thank you! This definitely caught the majority of the delimited fields. Now I just need to make sure each event in the logs is in the same exact format. I'm getting some little errors, where one pair of pipes isn't being caught properly...and the user agent string in the last field is cut off after the first few letters. But most importantly I'm not getting the same problems as before...which is progress! ... View more

Re: Splunk Field Extraction Error with Edited Rege...

by in All Apps and Add-ons
‎08-22-2014 06:12 AM
‎08-22-2014 06:12 AM
Can I do this when I don't have Splunk installed locally, and just accessing it through the browser? I definitely need to do more reading on this, because I would suppose that I could create config files and submit them to my administrator? ... View more

Splunk Field Extraction Error with Edited Regex

by in All Apps and Add-ons
‎08-20-2014 08:41 AM
‎08-20-2014 08:41 AM
I have logs which contain a long series of pipe delimited fields. My issue is that there are some fields which do not have any values, and instead of some character being loaded in place of a NULL field, the field is left blank. For example this log would record various information about site visitors, some fields are left blank based on the device and parts of the website visited. |wired|||||/||00005wcuu-jSbW_AypQB1ZDLdjH:180ds1m45|Search|||Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36| But when I extrapolate the regex to meet this scenario, I still receive "the generated regex was unable to match all examples" Here is a regex created in attempt to generate fields: ^(?P<FIELDNAME1>[^\|]+)\|(?P<FIELDNAME2>[^\|]+)\|(?P<FIELDNAME3>[^\|]+)\|(?P<FIELDNAME4>[^\|]+)\|(?P<FIELDNAME5>[^\|]+)\|(?P<FIELDNAME6>[^\|]+)\|(?P<FIELDNAME7>[^\|]+)\|(?P<FIELDNAME8>[^\|]+)\|(?P<FIELDNAME9>[^\|]+)\|(?P<FIELDNAME10>[^\|]+)\|(?P<FIELDNAME11>[^\|]+)\|(?P<FIELDNAME12>[^\|]+) None of the log events will contain Pipes within the fields, so I thought that it would be simple enough to tell Splunk that anything (even nothing) between two pipes is a field. Any suggestions are greatly appreciated! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to