Splunk Configuration Files : Timestamp extraction using props.conf

  Рет қаралды 13,951

Splunk & Machine Learning

Splunk & Machine Learning

Күн бұрын

Пікірлер: 13
@bhaktisangeet8813
@bhaktisangeet8813 5 жыл бұрын
Sid, can you please upload a video demonstrating how to extract fields using props.conf so you can see the fields while doing searches?
@splunk_ml
@splunk_ml 5 жыл бұрын
Yes that video is in pipeline...I will post it soon
@santhoshig7784
@santhoshig7784 5 жыл бұрын
Hi Sir,I have a log file which has 2 different time stamps.. how to write the TIME_FORMAT in that case? Is it possible to write 2 different time stamps?
@splunk_ml
@splunk_ml 5 жыл бұрын
In this case its better to use two different source types.
@happyBongGirl
@happyBongGirl 5 жыл бұрын
Hi Siddhartha, Can you please make a video on timezone normalization topic.
@splunk_ml
@splunk_ml 5 жыл бұрын
Hi Pritha, Sure...I will create a video for that. Sid
@mamathapanabaka9685
@mamathapanabaka9685 4 жыл бұрын
If we are adding data via Universal forwarder , how can we do this extractions...?
@splunk_ml
@splunk_ml 4 жыл бұрын
The time is extracted where the log data is parsed. You may need to have HF.
@prateekpatro5673
@prateekpatro5673 3 жыл бұрын
Data goes through various stages before getting ingested into Splunk. In this case you must remember that data goes into 'parsing' stage before 'indexing'. In parsing stage you can break your events, extract fields and timestamps etc. Parsing can be taken care in 'Indexers' as well but that may impact your performance. It is better to use HF.
@nishadt
@nishadt 5 жыл бұрын
Hi Siddhartha, If I have 3 CSV files that I am monitoring, one has timestamp field as job_finished and other has time field end_time, my inputs.conf [/*//*.csv] so how I can be define the timestamp_fields for multiple fields from multiple csv , do I need to use transforms.conf
@splunk_ml
@splunk_ml 5 жыл бұрын
Hi Nishad, Yes you need to setup props and transforms.conf for this. Basically for each csv you need to setup different transforms.conf stanzas.
@nishadt
@nishadt 5 жыл бұрын
@@splunk_ml - do you have a video on transforms.conf, with example it would be great!
@splunk_ml
@splunk_ml 5 жыл бұрын
@@nishadt You can refer below videos, kzbin.info/www/bejne/q2bKlImBrtKqras kzbin.info/www/bejne/sHrNlnaPlst_eac kzbin.info/www/bejne/g3rVZamuptSkj5Y kzbin.info/www/bejne/aKbXlGlojd5mh8U
Splunk Configuration Files : Search time field extraction
48:32
Splunk Configuration Files : Search time field extraction
Splunk & Machine Learning
Рет қаралды 30 М.
Splunk Configuration Files : Event line breaking using props.conf
21:40
Splunk Configuration Files : Event line breaking using props.conf
Splunk & Machine Learning
Рет қаралды 23 М.
Apple peeling hack @scottsreality
00:37
Apple peeling hack @scottsreality
_vector_
Рет қаралды 132 МЛН
Допрос | 2 серия | Сериал «Эскорт. Новый вызов» | КОНКУРС
29:32
Допрос | 2 серия | Сериал «Эскорт. Новый вызов» | КОНКУРС
DRAMA PIE
Рет қаралды 979 М.
Остановили аттракцион из-за дочки!
00:42
Остановили аттракцион из-за дочки!
Victoria Portfolio
Рет қаралды 3,6 МЛН
Electric Flying Bird with Hanging Wire Automatic for Ceiling Parrot
00:15
Electric Flying Bird with Hanging Wire Automatic for Ceiling Parrot
Ruhul Shorts
Рет қаралды 85 МЛН
Splunk Getting the data In : How HTTP Event Collector works
33:10
Splunk Getting the data In : How HTTP Event Collector works
Splunk & Machine Learning
Рет қаралды 53 М.
Splunk Commands : How "transaction" command works
36:46
Splunk Commands : How "transaction" command works
Splunk & Machine Learning
Рет қаралды 19 М.
Splunk System Admin Interview Preparation | props.conf and transforms.conf Common Settings
5:06
Splunk System Admin Interview Preparation | props.conf and transforms.conf Common Settings
Lame Creations
Рет қаралды 432
Creating Dashboards in Splunk Enterprise
12:44
Creating Dashboards in Splunk Enterprise
Splunk How-To
Рет қаралды 60 М.
SPLUNK | PART - 76 | Use transformations with props conf and transforms conf | #SPLUNK tutorial
4:59
SPLUNK | PART - 76 | Use transformations with props conf and transforms conf | #SPLUNK tutorial
Tutorials World
Рет қаралды 1,9 М.
Splunk Events and Line breaking in props conf | Tech Tonic with Kiran
14:57
Splunk Events and Line breaking in props conf | Tech Tonic with Kiran
Tech Tonic with Kiran
Рет қаралды 427
Splunk's Index time extractions
11:58
Splunk's Index time extractions
ranjit abraham
Рет қаралды 289
Splunk Indexes Explained | Indexes.conf | Splunk Buckets | Hot, warm, cold, frozen, thawed
37:38
Splunk Indexes Explained | Indexes.conf | Splunk Buckets | Hot, warm, cold, frozen, thawed
Thetips4you
Рет қаралды 13 М.
Splunk Commands : Detail discussion on commands related to multivalue fields
34:24
Splunk Commands : Detail discussion on commands related to multivalue fields
Splunk & Machine Learning
Рет қаралды 20 М.
Splunk Creating Fields Extraction
7:50
Splunk Creating Fields Extraction
Splunk Journey
Рет қаралды 2,4 М.
Apple peeling hack @scottsreality
00:37
Apple peeling hack @scottsreality
_vector_
Рет қаралды 132 МЛН