Splunk Tips

This is a reference of handy Splunk techniques that don’t (yet) warrant their own note.

Filter entries by regex

| regex field_to_filter="your regex"

Note: the field goes before the `=`; if no field is given, the regex is matched against _raw.

Pull some text out of the result using regex

| rex field=field_to_parse "your regex(?<named_extraction>regex to extract)"

Note: field=_raw is a common choice.

Put results in a table

| table <list of fields>

Note: | table _time, other_field is a common choice.
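Added example, not from the original note: the three commands above chained into a scheduled detection for repeated failed SSH logins from one source, written as a savedsearches.conf stanza so it can carry comments. The index name, sourcetype, threshold and sshd log format are assumptions, not values from this note.

```ini
# Added example, not from the original note. Assumes an index "linux_auth",
# sourcetype "linux_secure" and standard sshd lines such as:
#   Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
[Repeated failed SSH logins by source]
# regex keeps only events in the expected sshd format, rex pulls named fields
# out of _raw, stats/where aggregate per source, table presents the result
search = index=linux_auth sourcetype=linux_secure "Failed password" \
| regex _raw="Failed password for (invalid user )?\S+ from \d{1,3}(\.\d{1,3}){3} port \d+" \
| rex field=_raw "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?<src_port>\d+)" \
| stats count AS attempts, dc(user) AS distinct_users, values(user) AS users, min(_time) AS first_seen, max(_time) AS last_seen BY src_ip \
| where attempts >= 10 \
| convert ctime(first_seen) ctime(last_seen) \
| table src_ip, attempts, distinct_users, users, first_seen, last_seen \
| sort - attempts
# run every 15 minutes over the last 15 minutes; fire when any row is returned
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
```

The same pipeline (everything after `search =`, with the trailing backslashes removed) can be pasted into the search bar to tune the threshold before scheduling it.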
