×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jkirankumar1993
New Member
Member since: ‎02-28-2018
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-28-2018
Activity Feed
View All

Re: How to extract a field from multi valued event...

by in Splunk Search
‎03-05-2018 07:53 AM
‎03-05-2018 07:53 AM
Worked Great. Thanks a lot ... View more

Re: How to extract a field from multi valued event...

by in Splunk Search
‎03-02-2018 11:10 AM
‎03-02-2018 11:10 AM
Your query worked great for this single event. But, I have series of events and i want to extract these values as a field so that I can make a report ... View more

Re: How to extract a field from multi valued event...

by in Splunk Search
‎03-02-2018 11:07 AM
‎03-02-2018 11:07 AM
I have series of events like this. I want to extract field called "custom_field" from all these multi valued events. Example or sample output of extracted field: AE Test Fail AE Testing in Progress Activating ............. ............. Note: I dont have access to any config files. So, can you tell any regular expression to capture all those values? ... View more

How to extract a field from multi valued event?

by in Splunk Search
‎03-02-2018 10:12 AM
‎03-02-2018 10:12 AM
Hi, This is the sample event GA.769:180302:113834:: INFO.PSA: Getting issue for ID: 931778 GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'AE Test Fail' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType w... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'AE Testing in Progress' of type com.atlassian.servicedesk.internal.sla.customfield.S... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Activating' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType was... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Adding to .Net Website' of type com.atlassian.servicedesk.internal.sla.customfield.S... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'All Sec Incidents (closed)' of type com.atlassian.servicedesk.internal.sla.customfie... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Application Certification' of type com.atlassian.servicedesk.internal.sla.customfiel... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Approvals' of type com.atlassian.servicedesk.plugins.approvals.internal.customfield.... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Approvals' of type com.atlassian.servicedesk.plugins.approvals.internal.customfield.... class type: java.util.HashMap map values: null --> 505 :: NetOps-HR map values: 1 --> 90109 GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'BHN Test' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType was s... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Building Test Lines' of type com.atlassian.servicedesk.internal.sla.customfield.SLAC... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Checking Connectivity' of type com.atlassian.servicedesk.internal.sla.customfield.SL... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Connect to Network and Add to INS' of type com.atlassian.servicedesk.internal.sla.cu... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Connecting MTA to Network' of type com.atlassian.servicedesk.internal.sla.customfiel... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Creating Test Accounts' of type com.atlassian.servicedesk.internal.sla.customfield.S... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Customer Request Type' of type com.atlassian.servicedesk.internal.customfields.origi... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Customer Response Time' of type com.atlassian.servicedesk.internal.sla.customfield.S... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'DOCSIS Test' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType wa... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Days to Resolution' of type com.atlassian.servicedesk.internal.sla.customfield.SLACF... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'Epic Link' of type com.atlassian.greenhopper.customfield.epiclink.EpicLinkCFType was... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'FCC 2 Weeks' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType wa... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'FCC 3 Weeks' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType wa... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'First Response' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'First Response Task Metric' of type com.atlassian.servicedesk.internal.sla.customfie... GA.769:180302:113834:: INFO.getCustomFieldValues(): field 'IT Testing' of type com.atlassian.servicedesk.internal.sla.customfield.SLACFType was... When I use regular expression I am getting the value from the first line but not from the other lines. I want to capture the fields that start after INFO.getCustomFieldValues(): field. ... View more

How to search for events that doesn't contain "-" ...

by in Splunk Search
‎02-28-2018 02:55 PM
‎02-28-2018 02:55 PM
Hi i want to retrieve events that does not have "-" in the request url. index=con_jira [| gentimes start=-1 | eval source="/opt/atlassian/current/logs/access_log." + strftime(now(), "%F") | return source] "GET /browse" | eval headers=split(_raw," ") | eval method=mvindex(headers,5) |eval request=mvindex(headers,6) | where request!="*-" | table request sample Result: /browse/EPS -----> correct result /browse/ISPTEXAS-27534 ----> wrong result ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM