The dojo of Splunk. Learn, share, teach, mentor.

Regex & Search-Time Field Extraction (8)

Sort by:

Discussions	Replies	Latest Activity
Regex For Identifying IP Addresses (To Extract Field) I've tried and failed to extract the IP Address field such that it only includes sets of 4 numbers that are all separated by periods. The… Started by Patrick Swackhammer	13	Apr 6 Reply by Michael Wilde
Need RegEx Help Please! All,I'm a newbie to Splunk and Regular Expressions. I could really use some help creating some Splunk friendly regular expressions that I… Started by James Esposito	5	Apr 6 Reply by Michael Wilde
Timestamping is the bane of my existance I'm working on a quick fix for AS/400 logging and the ability to cleanly report it. I've got all the fields mapped out, but the timestampin… Started by nicholas Lehman	10	Mar 8 Reply by nicholas Lehman
custom time series on x-axis I have a custom app dumping a custom log to file every night that includes all events in that app. Each log entry has a time stamp, but Spl… Started by Jordan Schroeder	2	Feb 15 Reply by Michael Wilde
WinEventLog:Security filter Hi all,i have some problems to filter logs from windows forwarders (not light forwarder). Example: LogName=SecuritySourceName=SecurityEven… Started by bizza	0	Feb 3
Transforms using regex and case insensitivity I have three stanzas in my transforms.conf file--these work as long as the case matches what's in my regex statement. How do I make "produ… Started by Craig Fels	3	Nov. 26, 2009 Reply by Michael Wilde
Splunk equivalent of the nix 'cut -d' ' -f1-5 Hello, I just started playing with splunk. I looked thru the docs and unable to find any commands that allow me to do the nix equivalent… Started by harish	3	Nov. 13, 2009 Reply by Michael Wilde
Extracting fields - first line of a multiline event Yesterday i was having a problem extracting fields out of an event and i was looking to grab everything up until the end of a line, in the… Started by Michael Wilde	0	Apr. 30, 2009