Splunk Filed extraction field interception
2022-08-02 07:49:00 【shenghuiping2001】
Sometimes a value inside a Splunk event needs to be turned into a new field, that is, a field that does not exist in the original event. This can be done with Splunk field extraction:
1: Open the event and click Extract Fields:

2: Choose Regular Expression as the extraction method:

3: Highlight the IP address in the event and name the field sec_ip

4: Review the screen shown below, then click Next

5: In the same way, define a second field named sec_user

6: Once both fields are defined, test the extraction:

7: In the figure above, the new fields sec_user and sec_ip now appear in the field list on the left.
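The UI wizard above writes the resulting regex into props.conf as EXTRACT stanzas; the block below is an added example of that equivalent configuration, not taken from the original post. The sourcetype name linux_secure and the sshd-style log line format ("... for <user> from <ip> ...") are assumptions; only the field names sec_ip and sec_user come from the post.

```ini
# Added example, not from the original post: props.conf equivalent of the two
# field extractions created through the Splunk UI field extractor.
# Assumptions: the events have sourcetype "linux_secure" and look like
#   "Failed password for invalid user admin from 192.0.2.10 port 22 ssh2"
# (constructed sample). Splunk uses PCRE named groups: (?<name>...).

[linux_secure]

# sec_ip: the first dotted-quad IPv4 address that follows "from ".
# Anchoring on "from " keeps the extraction from matching other numbers.
EXTRACT-sec_ip = from\s+(?<sec_ip>\d{1,3}(?:\.\d{1,3}){3})

# sec_user: the account name after "for ", skipping the optional
# "invalid user" marker so both valid and invalid logins yield a value.
EXTRACT-sec_user = for\s+(?:invalid user\s+)?(?<sec_user>\S+)\s+from

# Search-time extractions like these apply to every search over the
# sourcetype, so test the regex first in a search with
#   | rex field=_raw "from\s+(?<sec_ip>\d{1,3}(?:\.\d{1,3}){3})"
# before committing it to props.conf.
```

After a restart or a refresh of the search head, `sourcetype=linux_secure | stats count by sec_user sec_ip` will group failed logins by the two new fields.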
Reference Documentation: Extract fields from files with structured data - Splunk Documentation