The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by healthtrans
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
|
Regex Troubleshooting
In: SplunkGeneral
(Not tagged)
Ty very much, (?:SENT[^\|]*\||RECVD\|[0-9]{6})(.{4}) was exactly what i needed!
I'm trying to extract a field based on a condition that can change based on a send/response status. ... |
2
|
30 months ago... | |
|
AIX on *Nix
In: SplunkApplications
(Not tagged)
I'm sure that an official Splunk version will come out right after I post this, but I went ahead and ...
|
9
|
34 months ago... | |
|
Search using eval and if not returning correct result
In: SplunkSearchAndAlert
(Not tagged)
Thanks... This works now. I will look into these other commands, especially the 'lookup' idea.
Here is the search I am using: src=192.168.1.0/24 OR src=192.168.2.0/24 | eval location = if(src="192.168.1.*", ... |
2
|
34 months ago... |