Learning, learning, learning . . . Our Splunk "expert" is gone, and the non-programmer gets to learn the task! How do you spell SPLUNK?
The dojo of Splunk. Learn, share, teach, mentor.
Videos
Latest Activity
Michael Wilde commented on Michael Wilde's video
Sure... When you do group mapping, map them to groups that don't have the domain admins in them. I have a separate OU=Groups that has "Splunk Users, Splunk Admins, Splunk Power Users" as group names, and specific users…
Mike Hartford commented on Michael Wilde's video
I want to give LDAP access to my splunk servcie but I don't want the LDAP users to have admin capabilitys in Splunk. Can I keep the domain admins out of Splunk if I have LDAP authentication???
Mike Hartford left a comment for Jonathan Hawes
Helow Jonathan,
Glad to have another Splunker. I've been useing Splunk for 2 years and am hooked. I leared how to spell splunk and | transaction too. you'll learn that one soon.
Go over to Splunk…
Mike Hartford commented on Mike Hartford's blog post 'tees for the holy day'
Holy Batskins Ninja, zzzzzwap zgruppp kapow a hidden stash, how great is that!!!!
The team that found them must have special bat senses and highly tooned Splunking skills
I like to wear Extra Lovable…
Ferry Leirissa's Page
Gifts Received
Ferry Leirissa has not received any gifts yet
Latest Activity
Ferry Leirissa replied to James Esposito's discussion 'Need RegEx Help Please!'
Hai Micheal,
Whats the total input here, can you sent me it as well?
Cause you dont have the fields decribed here now right? What is your advice, to do FORMAT or inline?
Cheers
Ferry
Ferry Leirissa replied to James Esposito's discussion 'Need RegEx Help Please!'
Hai James,
This is syslog right?
I am happy to help you, can you sent me a part of the logile? So I have some mass data to doublecheck before twaeking afterwards.
Please sent it to leirissa@hotmail.com
Thanks
Ferry
Ferry Leirissa replied to Patrick Swackhammer's discussion 'Regex For Identifying IP Addresses (To Extract Field)'
Oops paste errors....
* | rex "v630\/(?P\d+\.\d+\.\d+\.\d+)"
then you get the IP as a field,,hope this helps!
Cheers
Ferry
Ferry Leirissa replied to Patrick Swackhammer's discussion 'Regex For Identifying IP Addresses (To Extract Field)'
Hai Patrick,
Guest you have to dig into the pre and postfix part :
(?i) accepted: (?P.*) means : search for accepted: and put everyting .* after that in FIELDNAME
Thist wil not work for the other example....based on that info you have to use…
Ferry Leirissa replied to Ziad's discussion 'Light forwarder sends directly to an Index on the splunk server'
Yes its possible, you can read it on http://www.splunk.com/support/forum:SplunkAdministration/3994
You have to edit the props and transforms (on receive) like :
props.conf
[host::devhost*]
TRANSFORMS-dev =…
Ferry Leirissa updated their profile
Ferry Leirissa updated their profile photo
Profile Information
- Are you an existing splunk user?
- Licensed
- What do you do for your day job?
- Consultant
Comment Wall
- No comments yet!
© 2012 Created by Michael Wilde.
