×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
thommck
New Member
Member since: ‎01-08-2014
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-08-2014
Activity Feed
Topics I've Started
View All

Re: Extract fields from antivirus summary

by in Splunk Search
‎06-04-2014 06:49 AM
‎06-04-2014 06:49 AM
I'll look into this, thanks ... View more

Re: Extract fields from antivirus summary

by in Splunk Search
‎06-04-2014 06:49 AM
‎06-04-2014 06:49 AM
Thanks, this works but is there a way to make it always index the data this way? ... View more

Extract fields from antivirus summary

by in Splunk Search
‎06-04-2014 04:24 AM
‎06-04-2014 04:24 AM
I've been trying to use the field extractor to get some useful data from my Sophos Anti-virus scan log. Unfortunately, it doesn't seem to work. I also can't figure out how I would break the event up using transforms.conf. The log contains the following summary when I search it in Splunk (it has it's own soucetype [SAV-too_small]). 20140604 042046 Scan 'Daily Scan 5am' completed. 20140604 042046 Summary of results for scan 'Daily Scan 5am': Items scanned: 198971 Errors: 0 Items quarantined: 0 Items dealt with: 0 What I want is to get some kind of table or chart where it splits up "errors" and "items" as separate fields. Any help would be much appreciated Thanks, thommck ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM