Splunk

Splunk snippets collection

Searching in Splunk with table and regex

index=* sourcetype=* "*Failed to*"
| rex ".*Failed to(?<groupName1>.{10})(?<groupName2>.{10}).*"
| table timestamp, groupName1, groupName2, message
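To see exactly which characters the two `.{10}` groups pull out of an event, here is an added Python emulation of the three stages of the search above (search term, `rex`, `table`) run over a few constructed log lines. This is example code written for this page, not Splunk's own implementation: the events are made up, the `rex`/`table` helpers are simplified stand-ins, and `ROBUST_PATTERN` is a hypothetical alternative that captures the verb after "Failed to" and the next token by structure rather than by a fixed width, which is what a detection on failed authentications or file opens usually wants. Python's `re` needs `(?P<name>...)` where the page's PCRE pattern uses `(?<name>...)`.

```python
import re
from typing import Dict, List, Optional, Pattern

Event = Dict[str, Optional[str]]

# The page's rex pattern, rewritten in Python named-group syntax.
# Each group captures exactly 10 characters, wherever that cuts a word.
PAGE_PATTERN: Pattern[str] = re.compile(
    r".*Failed to(?P<groupName1>.{10})(?P<groupName2>.{10}).*"
)

# Hypothetical alternative (not from the page): capture the verb after
# "Failed to" and, if present, the next token, regardless of their length.
ROBUST_PATTERN: Pattern[str] = re.compile(
    r"Failed to (?P<action>\w+)(?:\s+(?P<target>\S+))?"
)

# Constructed sample events standing in for indexed Splunk events; not real logs.
SAMPLE_EVENTS: List[Event] = [
    {"timestamp": "2024-01-01T10:00:00Z",
     "message": "sshd: Failed to authenticate user alice from 10.0.0.5"},
    {"timestamp": "2024-01-01T10:00:05Z",
     "message": "app: Failed to open file /etc/shadow (permission denied)"},
    {"timestamp": "2024-01-01T10:00:09Z",
     "message": "app: request completed in 12ms"},
    {"timestamp": "2024-01-01T10:00:12Z",
     "message": "job: Failed to start"},
]


def base_search(events: List[Event], term: str = "Failed to") -> List[Event]:
    """Emulate the leading "*Failed to*" term: a case-insensitive substring filter."""
    return [e for e in events if term.lower() in (e.get("message") or "").lower()]


def rex(events: List[Event], pattern: Pattern[str], field: str = "message") -> List[Event]:
    """Emulate `| rex field=<field> "<pattern>"`.

    Named groups that matched become new fields on the event; events that do
    not match pass through unchanged (rex adds fields, it never drops events).
    """
    out: List[Event] = []
    for e in events:
        row = dict(e)
        m = pattern.search(e.get(field) or "")
        if m:
            row.update({k: v for k, v in m.groupdict().items() if v is not None})
        out.append(row)
    return out


def table(events: List[Event], *fields: str) -> List[Event]:
    """Emulate `| table f1, f2, ...`: keep only the listed columns, None where a field is absent."""
    return [{f: e.get(f) for f in fields} for e in events]


def run_page_search(events: List[Event]) -> List[Event]:
    """The page's pipeline end to end: search term -> rex -> table."""
    return table(rex(base_search(events), PAGE_PATTERN),
                 "timestamp", "groupName1", "groupName2", "message")


def run_robust_search(events: List[Event]) -> List[Event]:
    """Same pipeline with the hypothetical ROBUST_PATTERN and its own columns."""
    return table(rex(base_search(events), ROBUST_PATTERN),
                 "timestamp", "action", "target", "message")


if __name__ == "__main__":
    for row in run_page_search(SAMPLE_EVENTS):
        print(row)
    for row in run_robust_search(SAMPLE_EVENTS):
        print(row)
```

Running it shows the first event yielding `groupName1=" authentic"` and `groupName2="ate user a"`: the fixed widths split "authenticate" mid-word, and the short "Failed to start" event never matches at all (fewer than 20 characters follow the phrase), so its two columns come back empty while the event itself is still listed. The structural pattern returns `action="authenticate", target="user"` for the same line, which is the kind of field a correlation search or alert threshold can key on.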