FAQ Database Discussion Community


regex “something or nothing” match

regex,pcre,splunk
I'm trying to build a regex that will capture the TEXT* from both files below /A/B/C/D/TEXT1/TEXT2.TEXT3.log /A/B/C/D/TEXT1/TEXT2.trc I came out with /A/B/C/D/([^\/]+)/([^\/]+)?(?:\.)?([^\/]+)\.(log|trc) It doesn't work as I expect. Basically, I need to capture all TEXT1, TEXT2, and TEXT3 fields (if they exist) from both examples for further use; if not,...

In Splunk- How can I upload a file larger than 500MB?

logging,splunk
I'm trying to monitor a 3GB log file (IIS advanced log file) in Splunk, but I get an error message: File too large. The file selected is 3174Mb. Maximum file size is 500Mb How can I upload a file larger than 500MB?...

How to get negative lookahead in regex to accept more words

regex,splunk
I am trying to get some data for Splunk. From this: this my line - Fine (R/S) more date - I like this (not) date - output (yes) I like to get all data from - to the end of line, but not the data in parentheses if it contains...

Can we have different log files go to different indexers in Splunk?

splunk,indexer
I have a distributed Splunk deployment with 20 indexers. I have multiple log files to be monitored. I want the log file X to be indexed by indexers 1-15 and the log file Y to be indexed by indexers 16-20. How can this be done? Is it possible at all?...

Logging service allowing simple interface

html,logging,logstash,splunk,logentries
I'm looking to do some dead-simple logging from a web app (client-side) to some remote service/endpoint. Sure, I could roll my own, but for the purpose of this task, let's assume I want an existing service like Logentries/Splunk/Logstash so that my viewers can still log debugging info if my backend...

Is it possible to send logs directly to splunk cloud using JavaScript as Google Analytic does?

javascript,logging,splunk
I want to track some client side interactions using splunk. I want to know whether it is possible using JavaScript to send some information (logs) to splunk cloud directly ? Google analytic does the same ....