Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About jmartens
jmartens
Path Finder
Member since:
01-08-2015
10-29-2024
Community Statistics
| Posts | 39 |
| Solutions | 3 |
| Karma Given | 2 |
| Karma Received | 2 |
| Member Since | 08-01-2015 |
Activity Feed
- Posted Re: How to remove users from Splunk registered by SAML? on Security. 10-29-2024 02:58 AM
- Posted Re: SAML and logs flooded with warnings: AQR and authentication extensions not supported. Or authentication extensions i on Security. 09-08-2024 11:40 PM
- Karma Re: SAML and logs flooded with warnings: AQR and authentication extensions not supported. Or authentication extensions i for wwangsa_splunk. 09-08-2024 11:38 PM
- Posted Re: SAML and logs flooded with warnings: AQR and authentication extensions not supported. Or authentication extensions i on Security. 05-07-2024 12:38 AM
- Posted Re: SAML and logs flooded with warnings: AQR and authentication extensions not supported. Or authentication extensions i on Security. 05-06-2024 11:14 PM
- Posted Re: SAML and logs flooded with warnings: AQR and authentication extensions not supported. Or authentication extensions i on Security. 02-26-2024 01:55 AM
- Posted SAML and logs flooded with warnings: AQR and authentication extensions not supported. Or authentication extensions is su on Security. 02-25-2024 11:23 PM
- Posted Re: A writeup: KV store / mongo TLS configuration needs serious work on Security. 02-25-2024 11:15 PM
- Karma Re: Why are we receiving this ingestion latency error after updating to 8.2.1? for jswann_splunk. 08-03-2023 01:46 AM
- Posted Re: Why are we receiving this ingestion latency error after updating to 8.2.1? on Splunk Enterprise. 08-03-2023 01:40 AM
- Posted Re: Extract multivalue data to dynamic fields on Splunk Search. 06-12-2023 02:50 AM
- Posted How to extract multivalue data to dynamic fields? on Splunk Search. 06-12-2023 02:46 AM
- Got Karma for Re: mvexpand not extracting all key/value pairs. 03-20-2023 05:25 AM
- Posted Re: mvexpand not extracting all key/value pairs on Splunk Search. 03-20-2023 01:09 AM
- Posted Re: mvexpand not extracting all key/value pairs on Splunk Search. 03-17-2023 12:20 PM
- Posted Why is mvexpand not extracting all key/value pairs? on Splunk Search. 03-16-2023 08:27 AM
- Posted Re: Extract New Field - First x characters on Splunk Search. 02-24-2021 05:17 AM
- Posted Re: Extract New Field - First x characters on Splunk Search. 02-24-2021 05:16 AM
- Posted Re: Extract New Field - First x characters on Splunk Search. 02-24-2021 04:29 AM
- Posted Re: Extract New Field - First x characters on Splunk Search. 02-24-2021 04:21 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-29-2024
02:58 AM
Although removing through REST probably works I find it easier to do it this way: edit the configuration file in SPLUNK_INSTALL_DIR\etc\system\local\authentication.conf Naviate to Settings > Authentication methods > reload authentication configuration
... View more
09-08-2024
11:40 PM
@wwangsa_splunk Thanks very much for the update, but AFAICT the current release is already 9.3.0 Is it also incorporated in that branch?
... View more
05-07-2024
12:38 AM
That is no relevant to my case since I have no orphaned knowledge base items. Just checked with the instruction from the knowledge base and even with all filters set to 'All' the list turns up empty.
... View more
05-06-2024
11:14 PM
No, unfortunately not. It is bothering but can be worked around by using Splunk itself to analyze the logs and ignore that message at search time. This will show all messages w/o INFO and the before mentioned messages: index="_internal" sourcetype=splunkd NOT INFO NOT "AQR and authentication extensions not supported. Or authentication extensions is supported but is used for tokens only"
... View more
02-26-2024
01:55 AM
By now found out that creating the user `nobody` is not allowed by Splunk, it throws the following error when creating such a user: Create user: The user="nobody" is reserved by the splunk system
... View more
02-25-2024
11:23 PM
We have enabled Microsoft SAML for Splunk and out splunkd.log seems to be flooded with warnings like this: WARN UserManagerPro [7456 SchedulerThread] - AQR and authentication extensions not supported. Or authentication extensions is supported but is used for tokens only. user=nobody information not found in cache Found a few threads on AQR: - https://community.splunk.com/t5/Monitoring-Splunk/What-is-quot-AQR-quot-and-why-is-it-throwing-warning-messages-in/m-p/347016/highlight/true#M3064 - https://community.splunk.com/t5/Security/How-do-you-resolve-splunk-log-error-messages-after-switching/m-p/354479/highlight/true#M8882 Also the documentation on authentication.conf does not help me much. It seems the only way is to create a low level user (same as mentioned in the error) to suppress the error, which seems doable but I doubt this is the best way and unsure of side effects? Does any of you know more?
... View more
- Tags:
- warnings. logs
Labels
- Labels:
-
authentication
-
SAML
02-25-2024
11:15 PM
@skalliger wrote: How did I find all of that? I have developed an app which gives an overview of the Splunk environment's mitigation status against current Splunk Vulnerabity Disclosures (SVDs) as well as recommended best practice encryption settings. Nice work @skalliger . Is this app publically available? I would be interested in this functionality.
... View more
08-03-2023
01:40 AM
Still suffering the same in 9.10.2. Is the bug already fixed or do we still need to apply this fix to silence the message? Apart from that does this disable ingestion latency warnings and do we need to monitor it another way? Can you shed some light on this @jswann_splunk ?
... View more
06-12-2023
02:50 AM
After some more searching I stumbled on mvexpand and had to add it to expand the temp field like this: | makeresults
| eval DICOMQuery="(0008,0052) Query/Retrieve Level [SERIES] | (0010,0020) Patient ID [1234567] | (0020,000D) Study Instance UID [1.2.34.567890.12.3456.789.123456.7.20230501130047.4915859] | (0020,000E) Series Instance UID [1.2.345.678.90.1.23456789012.34567890.20230508110959]"
| eval temp=split(DICOMQuery,"|")
| mvexpand temp
| rex field=temp "(?<DICOMGroup>([\dA-Fa-f]{4})),\d?(?<DICOMElement>([\dA-Fa-f]{4}))\)\s+(?<DICOMLabel>[^\[]+)\s\[(?<DICOMValue>[^\]]+)\]"
| eval {DICOMLabel}=DICOMValue
| fields - DICOMQuery DICOMLabel, DICOMValue temp
... View more
06-12-2023
02:46 AM
I am trying to extract multi value fields and set dynamic fields with values based on the extracted data. I am able to extract the data but am unable to do the last part and generate dynamic fields, only the first is generated:
| makeresults
| eval DICOMQuery="(0008,0052) Query/Retrieve Level [SERIES] | (0010,0020) Patient ID [1234567] | (0020,000D) Study Instance UID [1.2.34.567890.12.3456.789.123456.7.20230501130047.4915859] | (0020,000E) Series Instance UID [1.2.345.678.90.1.23456789012.34567890.20230508110959]"
| eval temp=split(DICOMQuery,"|")
| rex field=temp "(?<DICOMGroup>([\dA-Fa-f]{4})),\d?(?<DICOMElement>([\dA-Fa-f]{4}))\)\s+(?<DICOMLabel>[^\[]+)\s\[(?<DICOMValue>[^\]]+)\]"
| eval {DICOMLabel}=DICOMValue
| fields - DICOMQuery DICOMLabel, DICOMValue temp
Which yields the following:
It seems I am nearly there, but I fail to get them as individual searchable fields which is what I am after. Any pointers?
... View more
Labels
- Labels:
-
other
03-20-2023
01:09 AM
1 Karma
I had indeed resolved it using in the mean time: | extract pairdelim="," kvdelim="=" clean_keys=t
... View more
03-17-2023
12:20 PM
@richgalloway wrote: We know it can't be a multi-value field because the rex command does not use the max_match option, which means only the first match of the regex will be extracted. I don't see why the regex here is such a proof. The `rex` is used to extract two named fields, of which the latter contains the values I am after and is assigned to values. I see no reason why `max_match` is even relevant here. @richgalloway wrote: What is the end goal of this query? The mvexpand command puts each value of a multi-value field into a new event - is that what is desired? The end goal is to extract all values (as per column headings from the results in my screenshot) from value field extracted using the regular expression and assigning them to the event so I can process and plot these values.
... View more
03-16-2023
08:27 AM
I am trying to expand multiple fields from specific log lines using mvexpand but for some strange reason some fields are not extracted as expected, see screenshot for an example:
I would also like to have the key/value pairs for col and gantry.
... View more
- Tags:
- mvexpand
Labels
- Labels:
-
field extraction
02-24-2021
05:17 AM
This is an oversimplification. In searches you can search on any field you like, but you will have to define them if you are not using a default sourcetype. Relying on _raw and extracting all your fields from there at search time is cumbersome and not future proof.
... View more
02-24-2021
05:16 AM
I really suggest you read up on how to get data in. If you continue on this path you will have to redo a lot off work and will not benefit very much from your data. Even though you accepted the answer pointing you to the _raw event using SPL and text filtering is not the wat to get data in robustly for the future. It all starts with getting your data in in a ordered and structured way, hence my link to the primer on Getting data in. You first need to setup your sourcetype correctly as I mentioned earlier, get all your data in to one event if it is concerning one entity. From there define fields to be extracted at index time. These fields can than be (re-)used when searching and reporting. Creating your fields each time in the query window (e.g. in your SPL query) is cumbersome and not future proof. When defining your sourcetype you can then also set other stuff like custom delimiters so key value pair extraction might be done for up you (automatically/automagically), for instance extracting the values after the colon in your screenshots. Once agian, do yourself a favour and invest in a proper start, it will gain you time and joy in the long run. 😄
... View more
02-24-2021
04:29 AM
Did you even try bother reading the documentation section I referred to? The second example in the examples section more or less handles your case of one event running over multiple lines where each line is prepended with a timestamp.
... View more
02-24-2021
04:21 AM
You don't need a regular expression for that, substring will do perfectly well.
... View more
02-24-2021
04:19 AM
I think you also need to revisit your sourcetype configuration as it seems to split you log entry in (at least) three lines judging from your image. I am assuming that all three lines should be in one event and you want to extract fields from there. This way it is hardly impossible to correlate data to one event concerning your image. As a start you might want to take a look at the Getting data in primer, especially the section on Configure event line breaking
... View more
02-24-2021
04:12 AM
Can you post some example data and an example of desired results? I think your current question is kind of cryptic. From what I could make of it you might be better of using one of Splunks text functions for instance substr: As a simple example: | makeresults
| eval test=substr("string", 1, 3) Which should create a dummy test event with a field test with the value 'str' (first three characters of the text 'string')
... View more
02-24-2021
03:38 AM
Assuming the field is always starting with 'SourceSystem=' and ending with a comma (,) you could do this: | rex field=_raw "sourceSystem=(?<field_name>[^,]+)" But as additional advice it seems your data is JSON you might be better of using spath to extract your field(s) or even better configure your sourcetype correctly using props.conf and INDEXED_EXTRACTIONS=json or KV_MODE=json For details see the Getting data in primer especially Extract fields from files with structured data. As an example of what you could do here is a run very-where example: | makeresults count=2
| streamstats count
| eval _raw=case(count=1, "{\"timestamp\":\"2021-02-24T00:00:46.533+00:00\",\"message\":\"Snapshot event published: SnapshotEvent(status=CREATED, version=SnapshotVersion(sourceSystem=zvkk, source=sdp\/deposits\/zvkk\/2021-02-24\/NextBusinessDays\/Snapshot1, entityType=NEXT_BUSINESS_DAYS, date=2021-02-24, version=1, snapshotSize=5, uuid=8683aa33-3a6c-4087-9cdd-3084d8e70147, holiday=false))\",\"component\":\"com.db.sdda.dc.kafka.service.SnapshotEventNotifyService\",\"thread\":\"scheduling-1\",\"level\":\"INFO\"}", count=2, "{\"timestamp\":\"2021-02-23T20:56:37.797+00:00\",\"message\":\"Snapshot event published: SnapshotEvent(status=CREATED, version=SnapshotVersion(sourceSystem=IDMS-0781, source=sdp\/deposits\/IDMS-0781\/2021-02-23\/FacilityLimit\/Snapshot1, entityType=FACILITY, date=2021-02-23, version=1, snapshotSize=15168, uuid=016cc1ad-8c27-4144-a9d2-c0233cc1e450, holiday=false))\",\"component\":\"com.db.sdda.dc.kafka.service.SnapshotEventNotifyService\",\"thread\":\"scheduling-1\",\"level\":\"INFO\"}")
| spath path=message
| eval backup=_raw
| eval _raw=message
| extract
| eval _raw=backup
| rename backup as _raw The first lines are to mimic your example, then there is a spath extraction (since I did not bother creating a proper sourcetype configuration) to extract the message part using: | spath path=message Then we need to do some backing up of the raw event as extract only operates on the raw event so we copy _raw to backup, assign message to _raw: | rename _raw as backup message as _raw Now we can run an extract command as you data is already in the default key = value pair format: | extract And then revert our rename command to have our original values again: | rename _raw as message backup as _raw
... View more
02-24-2021
03:22 AM
Situation I am trying to parse events with an unrestricted number of key value pairs that might also include empty values at some places. I would like to extract the part between the closing parenthesis and opening square bracket as the field name without spaces (but don't want them replaced by underscores) This is an example of such data: 2021-02-24 10:02:31 Local0 Info 10:02:31:346 VARC-DCM-01.ad.maastro.nl MAASTRO\VARC-DCM-01$|80012|DICOM Service VARC_DCM_SCP_SVC_Export 021556/Export requested for object with key: (0008,0008) Image Type [DERIVED] | (0008,0016) SOP Class UID [1.2.840.10008.5.1.4.1.1.481.1] | (0008,0022) Acquisition Date [20210223] | (0008,0023) Content Date [20210223] | (0008,0032) Acquisition Time [184740.207] | (0008,0033) Content Time [184740.208] | (0008,1150) Referenced SOP Class UID [1.2.840.10008.5.1.4.1.1.481.5] | (0020,0013) Instance Number [1] | (300C,0002) Referenced RT Plan Sequence [Mergecom.MCitem] | (300C,0006) Referenced Beam Number [1] | (300E,0002) Approval Status [] Working solution using SPL Using this SPL expression (inspired by the example in this question on multiple field extraction) : | eval backup=_raw
| rex max_match=0 mode=sed "s/(?:(?:\s\|)?\s)\((?<g>[\da-fA-F]{4}),(?<e>[\da-fA-F]{4})\)\s+(?<k>(?:\w+(?:\s*))+)\[(?<v>[^\]]*)\]/\3=\"\4\",/g"
| rex mode=sed "s/\s//g"
| extract pairdelim=":," kvdelim="="
| rename backup AS _raw I am able to translate this to my desired outcome: Image Type Derived SOP Class UID 1.2.840.10008.5.1.4.1.1.481.1 Referenced Beam Number 1 Approval Status Example in SPL (for testing) Here is a working example to help with testing: | makeresults
| eval _raw="2021-02-24 10:02:31 Local0 Info 10:02:31:346 VARC-DCM-01.ad.maastro.nl MAASTRO\VARC-DCM-01$|80012|DICOM Service VARC_DCM_SCP_SVC_Export 021556/Export requested for object with key: (0008,0008) Image Type [DERIVED] | (0008,0016) SOP Class UID [1.2.840.10008.5.1.4.1.1.481.1] | (0008,0022) Acquisition Date [20210223] | (0008,0023) Content Date [20210223] | (0008,0032) Acquisition Time [184740.207] | (0008,0033) Content Time [184740.208] | (0008,1150) Referenced SOP Class UID [1.2.840.10008.5.1.4.1.1.481.5] | (0020,0013) Instance Number [1] | (300C,0002) Referenced RT Plan Sequence [Mergecom.MCitem] | (300C,0006) Referenced Beam Number [1] | (300E,0002) Approval Status []"
| eval backup=_raw
| rex max_match=0 mode=sed "s/(?:(?:\s\|)?\s)\((?<g>[\da-fA-F]{4}),(?<e>[\da-fA-F]{4})\)\s+(?<k>(?:\w+(?:\s*))+)\[(?<v>[^\]]*)\]/\3=\"\4\",/g"
| rex mode=sed "s/\s//g"
| extract pairdelim=":," kvdelim="="
| rename backup AS _raw Question Now I would like to transfer this to configuration files but I am unsure what to add where. I am guessing the regular expression goes in to tokenizer.conf based on this post but not sure when combined with the sed command. Normally SED commands I would put the SED commands into the transforms.conf file but how do I prevent them from applying to all evens? The events like the one processed in the example is only a subset of the events in the index and sourcetypes in there. The pairdelim and kvdelim are overrides to the default ones from the sourcetype configuration, not sure where to put this either. Can someone guide me here? Is there some sort of sequence I can configure like the one in SPL to apply to specific events? How would I go about filtering out these events?
... View more
Labels
- Labels:
-
field extraction
12-10-2020
01:10 AM
Eventually I was able to solve it using redirection of the _raw event with a custom string and parsing that with extract, making sure to use custom delimters not present in my dataset like this: index="test"
| eval temp=_raw
| rex max_match=0 field=_raw "(?<k1>[^\|]+)\|(?<k2>[^\|]+)\|(?<v>[^\|]+)[\|]?[\r\n]+"
| eval _raw=mvjoin(mvzip(mvzip(trim(k1), trim(k2), " "), trim(v), "#"), "@")
| extract pairdelim="@" kvdelim="#" clean_keys=f
| eval _raw=temp
... View more
12-09-2020
11:49 PM
I am trying to extract multiple key value pairs from data like this: Image |Loading |\path\to\obfuscated\\CT_384.dcm
------------------------------------------------------------------------------------------------
Image |Photometric Interpretation
|MONOCHROME2 |
Image |Compression |EXPLICIT_LITTLE_ENDIAN (with metaheader)
Series |Creation... | |
Image |Image width [mm] |512 |
Image |Image height [mm] |512 |
Image |Bit-Depth |BLuint16 |
Image |Row Vector [mm] |(1/0/0) |
Image |Column Vector [mm] |(0/1/0) |
Image |Image Position [mm] |(-249.512/-504.512/-226.5) |
Image |PixelsizeX [mm] |0.976563 |
Image |PixelsizeY [mm] |0.976563 |
Image |Img Orientation Info |axial; RL: 0.000°, AP: 0.000°, HF: -90.000°; normal: 0.000°; Orientation supported
Image |Horizontal flip |1 |
Image |Vertical flip |0 |
Image |Brainlab Subsystem |[OK] |
Image |InstNumber/BLScanNum |170 |
Image |Series number |0 |
Image |Instance UID |1.3.12.2.1107.5.1.4.53031.000000000000000000001
Image |Study UID |1.3.12.2.1107.5.1.4.53031.000000000000000000001
Image |Series UID |1.3.12.2.1107.5.1.4.53031.000000000000000000000
Image |BitsAllocated |16 |
Image |PatientOrientation |Supine |
Image |HeadFeetOrientation |HeadFirst |
Image |Modality |CT |
Image |SliceThickness [mm] |1 |
Image |AcquisitionID |2 |
Image |FrameOfRefUID |1.3.12.2.1107.5.1.4.53031.000000000000000000009
Image |ScanDate |10-AUG-2009 |
Image |ScanTime |093806.140000 |
Image |Manufacturer |SIEMENS |
Image |Manufacturer model |Sensation 10 |
Image |Institution name |Maastro Clinic |
Image |Station name |MEDPC |
Image |Software Versions |syngo CT 2006G |
Image |Comment |Head^ST_Head1mmCONTRAST (Adult); CT10082009093806:Head 1.0 B31s; ST_Head1mmCONTRAST; CHEST
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------ So far I have tried the following: index="test"
| rex max_match=0 field=_raw "(?<k1>[^\|\s]+)\s+\|(?<k2>[^\|]+)\|(?<v>[^\|]+)[\|]?[\r\n]"
| eval z=mvzip(mvzip(trim(k1), trim(k2), " "), trim(v), "~")
| mvexpand z
| rex field=z "(?<key>[^~]+)~(?<value>.*)"
| eval {key} = value It yields desired results for key-value pairs, but each individual key value pair is assigned to an individual copy of the event, thus generating a cross product of events and extracted keys. I don't want that. I want all extractions to be tied to the unique event they are extracted from. So I tried this: index="test"
| rex max_match=0 field=_raw "(?<k1>[^\|]+)\|(?<k2>[^\|]+)\|(?<v>[^\|]+)[\|]?[\r\n]+"
| eval key=mvzip(trim(k1), trim(k2), " ")
| eval {key}=v Which extracts the key and values properly, but when trying to evaluate the key=value statement it merges all key values into the field name and assigns each individual value to it, so now I have separate values but no unique keys and my key looks like this: Image Loading Image Photometric Interpretation Image Compression Image Image width [mm] Image Image height [mm] Image Bit-Depth Image Row Vector [mm] Image Column Vector [mm] Image Image Position [mm] Image PixelsizeX [mm] Image PixelsizeY [mm] Image Img Orientation Info Image Horizontal flip Image Vertical flip Image Brainlab Subsystem Image InstNumber/BLScanNum Image Series number Image Instance UID Image Study UID Image Series UID Image BitsAllocated Image PatientOrientation Image HeadFeetOrientation Image Modality Image SliceThickness [mm] Image AcquisitionID Image FrameOfRefUID Image ScanDate Image ScanTime Image Manufacturer Image Manufacturer model Image Institution name Image Station name Image Software Versions Image Comment How can I get the best of both? evaluated keys from search time extraction value assigned to the proper key all key-value pairs connected to the unique individual event
... View more
Labels
- Labels:
-
eval
-
field extraction
-
regex
01-17-2020
05:32 AM
I can extract multi value fields from a field in events like these:
079184/Query key: ((0008,0016)) SOP Class UID [1.2.840.10008.5.1.4.1.1.481.3] | ((0008,0018)) SOP Instance UID [1.2.246.352.71.4.32219573436.547832.20200108135355] | ((0008,0052)) Query/Retrieve Level [IMAGE] For details see: \\REDACTED.log
And assign them to fieldnames extracted from the search results like this:
| makeresults | eval message="079184/Query key: ((0008,0016)) SOP Class UID [1.2.840.10008.5.1.4.1.1.481.3] | ((0008,0018)) SOP Instance UID [1.2.246.352.71.4.32219573436.547832.20200108135355] | ((0008,0052)) Query/Retrieve Level [IMAGE] For details see: \\REDACTED.log"
| rex field=message "(?<DICOMQueryKeys>\(\(.*])"
| makemv delim="|" DICOMQueryKeys
| mvexpand DICOMQueryKeys
| rex field=DICOMQueryKeys "\(\((?<DICOMQueryItem>(?<DICOMQueryFieldGroup>\w+),(?<DICOMQueryFieldElement>\w+))\)\)\s+(?<DICOMQueryFieldText>.*(?=\s+\[))\s+\[(?<DICOMQueryFieldValue>[^]]+)"
| eval DICOMQueryFieldText=replace(DICOMQueryFieldText,"\W","")
| eval {DICOMQueryFieldText}=DICOMQueryFieldValue
| fields - DICOMQueryKeys, DICOMQueryFieldValue
| table DICOMQueryFieldText, DICOMQueryItem, DICOMQueryFieldGroup, DICOMQueryFieldElement, QueryRetrieveLevel, SOPInstanceUID, SOPClassUID
So that I can use the textual labels as fields in Splunk see below:
I know how to register the first field extraction in the first line of above statements, but am unsure on how to add the subsequent statements to splunk so they are available to all users as fields when writing queries.
Where do I enter the makemv and mvexpand statements?
Should I use a series of subsequent transformations for the eval statements and subsequent regular expression field extractions?
How do I remove intermediate fields so users are not seeing them?
Any guidance and advice is much appreciated.
... View more
07-23-2018
06:50 AM
I am looking for a solution to extract certain types of UIDs and therefore defined a basic UID field extraction: (?<UID>\d+(?:\.\d+)+)
as it nicely matches my UID's in forms like 1.2.3454.324234.123.123.1111 etc.
Since there are different type of UIDs in my data I would now like to reuse the UID I defined to extract the UIDs and assign them to a new field, for instance I would like to extract the UID from below and assign it to SOPInstanceUID within the same app:
Processing C-STORE-RQ for SOP Class 'STANDARD_RT_IMAGE' and SOP Instance UID '1.2.246.352.62.1.4620745920092066496.17329666369531438486'
Is it possible to reuse my already defined UID and do something like a regex like this: SOP\sInstance\sUID\s\'(?<SOPInstanceUID>UID)'
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-29-2024
06:24 AM
|
