The dojo of Splunk. Learn, share, teach, mentor.

Welcome to
splunkninja

Sign Up
or Sign In

Or sign in with:

Videos

Stuff Splunkers Should Know (1) - PerfMon / WMI Collection in Splunk 4.2

Added by Michael Wilde
Splunk + SCOM - Troubleshooting .NET at Lightspeed!

Added by Michael Wilde

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Added by Michael Wilde

Latest Activity

William S and Please... Dee Esssss :-) joined splunkninja

1 hour ago

Amine Recoba is now a member of splunkninja

yesterday

Welcome Them!

Michael Wilde replied to Nikita's discussion Count failures and success via transaction

"How are these transactions linked together... by a field called "ID"? If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"

Friday

Linus Myrefelt updated their profile

May 22

Marie updated their profile

May 21

Marie is now a member of splunkninja

May 21

Welcome Them!

Jitter and matthew arguin joined splunkninja

May 18

Matthew Carter and Nikita joined splunkninja

May 17

Ferry Leirissa Male Rotterdam The Netherlands Netherlands: Share on Facebook Share on Facebook Share Twitter

Blog Posts
Discussions (5)
Events
Videos

Ferry Leirissa's Apps (1)

Ferry Leirissa's Page

Gifts Received

Ferry Leirissa has not received any gifts yet

Give Ferry Leirissa a Gift

Latest Activity

Ferry Leirissa replied to James Esposito's discussion Need RegEx Help Please!

"Hai Micheal, Whats the total input here, can you sent me it as well? Cause you dont have the fields decribed here now right? What is your advice, to do FORMAT or inline? Cheers Ferry"

Apr 6, 2010

Ferry Leirissa replied to James Esposito's discussion Need RegEx Help Please!

"Hai James, This is syslog right? I am happy to help you, can you sent me a part of the logile? So I have some mass data to doublecheck before twaeking afterwards. Please sent it to leirissa@hotmail.com Thanks Ferry"

Apr 5, 2010

Ferry Leirissa replied to Patrick Swackhammer's discussion Regex For Identifying IP Addresses (To Extract Field)

"Oops paste errors.... * | rex "v630\/(?P\d+\.\d+\.\d+\.\d+)" then you get the IP as a field,,hope this helps! Cheers Ferry"

Mar 17, 2010

Ferry Leirissa replied to Patrick Swackhammer's discussion Regex For Identifying IP Addresses (To Extract Field)

"Hai Patrick, Guest you have to dig into the pre and postfix part : (?i) accepted: (?P.*) means : search for accepted: and put everyting .* after that in FIELDNAME Thist wil not work for the other example....based on that info you have to use…"

Mar 17, 2010

Ferry Leirissa replied to Ziad's discussion Light forwarder sends directly to an Index on the splunk server

"Yes its possible, you can read it on http://www.splunk.com/support/forum:SplunkAdministration/3994 You have to edit the props and transforms (on receive) like : props.conf [host::devhost*] TRANSFORMS-dev =…"

Mar 17, 2010

Ferry Leirissa updated their profile

Mar 14, 2010

Ferry Leirissa updated their profile photo

Mar 14, 2010

Ferry Leirissa is now a member of splunkninja

Mar 14, 2010

Welcome Them!

Profile Information

Are you an existing splunk user?: Licensed

What do you do for your day job?: Consultant

Comment Wall

No comments yet!

You need to be a member of splunkninja to add comments!

Join splunkninja

Badges | Report an Issue | Terms of Service

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use splunkninja.

Please check your browser settings or contact your system administrator.

Videos

Stuff Splunkers Should Know (1) - PerfMon / WMI Collection in Splunk 4.2

Splunk + SCOM - Troubleshooting .NET at Lightspeed!

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Top Content

Count failures and success via transaction

Latest Activity

Ferry Leirissa's Page

Gifts Received

Latest Activity

Profile Information

Comment Wall

You need to be a member of splunkninja to add comments!