Getting Data In

How to filter out data after specific event?

haph
Path Finder

Hi,

I'm trying to filter out data after a specific event occurs.

I want to drop all of the search data to display in a timechart, after a this specific event.
The event (and all other data) is in the shape
{
"name": "NAME",
"value": "VALUE"
}

If the value from name=specific_name changes from 0 to 1 I want to drop all data after this change.

How can I do that?

If you need more information please ask! 🙂

Thanks!

0 Karma

sbattista09
Contributor

i think this answer may help, its should be a quick props.conf and transforms.conf setting, we do this to filter out huge debug logs and other things application owners cant adjust on there side.

https://answers.splunk.com/answers/223818/how-to-write-the-regex-in-transformsconf-to-filter.html

0 Karma

somesoni2
Revered Legend

More information plz. Assuming this NOT filtering of events from being ingested but rather doing a search time filter in your search. Please provide details about how your data looks (may be real data), what you're getting now and what you expect.

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...