Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About thomasreggi
thomasreggi
New Member
Member since:
01-26-2018
06-05-2020
Community Statistics
| Posts | 4 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 01-26-2018 |
Activity Feed
- Posted Split transaction by new line on Splunk Search. 01-29-2018 01:36 PM
- Tagged Split transaction by new line on Splunk Search. 01-29-2018 01:36 PM
- Tagged Split transaction by new line on Splunk Search. 01-29-2018 01:36 PM
- Tagged Split transaction by new line on Splunk Search. 01-29-2018 01:36 PM
- Posted What is the search range given for beginning and end query? on Splunk Search. 01-29-2018 09:40 AM
- Tagged What is the search range given for beginning and end query? on Splunk Search. 01-29-2018 09:40 AM
- Tagged What is the search range given for beginning and end query? on Splunk Search. 01-29-2018 09:40 AM
- Tagged What is the search range given for beginning and end query? on Splunk Search. 01-29-2018 09:40 AM
- Tagged What is the search range given for beginning and end query? on Splunk Search. 01-29-2018 09:40 AM
- Posted Re: How to log JSON to Splunk and optimize for spath? on Getting Data In. 01-26-2018 01:24 PM
- Posted How to log JSON to Splunk and optimize for spath? on Getting Data In. 01-26-2018 07:59 AM
- Tagged How to log JSON to Splunk and optimize for spath? on Getting Data In. 01-26-2018 07:59 AM
- Tagged How to log JSON to Splunk and optimize for spath? on Getting Data In. 01-26-2018 07:59 AM
- Tagged How to log JSON to Splunk and optimize for spath? on Getting Data In. 01-26-2018 07:59 AM
- Tagged How to log JSON to Splunk and optimize for spath? on Getting Data In. 01-26-2018 07:59 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
01-29-2018
01:36 PM
I have a query like this:
213123123-231231230342 | transaction startswith="user login process start" endswith="user login process end"
Where it's returning the login flow for a given user. Similar to the out but below. How can I break all of the new lines in the results from the transaction into their own events?
... View more
01-29-2018
09:40 AM
Given the following log lines:
Alpha
Beta
Gamma
Hello
World
Soup
I would like to query ` | first="Beta" | last="World" and get the following:
Beta
Gamma
Hello
World
... View more
01-26-2018
01:24 PM
http://dev.splunk.com/view/logging/SP-CAAAFCK
... View more
01-26-2018
07:59 AM
I am looking to reformat my log output. Right now it's pretty messy and does not follow Splunks parsing format.
What I would like to do is only log a JSON object a string, something like this:
{"time":"2018-01-26 08:17:22.387","uuid":"13hiuh312-213e-134j-sdasj-dsadqweq","file":"main","fn":"load","message":"Hello World"}
Or with a nested "Person" JSON object.
{"time":"2018-01-26 08:17:22.387","uuid":"13hiuh312-213e-134j-sdasj-dsadqweq","file":"main","fn":"load","person":{"name": "thomas reggi", "age":"30"}}
I found in the "Logging best practices" Page that it fields should be all caps and quoted in a totally different format. So I am interested in making the following change.
TIME="2018-01-26 08:17:22.387", UUID="13hiuh312-213e-134j-sdasj-dsadqweq", FILE="main", FN="load", MESSAGE="Hello World"
Or
TIME="2018-01-26 08:17:22.387", UUID="13hiuh312-213e-134j-sdasj-dsadqweq", FILE="main", FN="load", PERSON={"name":"thomas reggi","age":"30"}
I am curious if I need to have the PERSON JSON object at the enclosed in quotes, and if this is valid.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
