Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Splunk 7 Essentials, Third Edition Demystify machine data by leveraging datasets, building reports, and sharing powerful insights

Product type Paperback

Published in Mar 2018

Publisher Packt

ISBN-13 9781788839112

Length 220 pages

Edition 3rd Edition

Languages

C++

Tools

Splunk

Concepts

Operational Intelligence

Authors (4):

Erickson Delgado

Steven Koelpin

J-P Contreras

Betsy Page Sigman

View More author details

Table of Contents (10) Chapters

Preface

1. Splunk – Getting Started

2. Bringing in Data FREE CHAPTER

3. Search Processing Language

4. Reporting, Alerts, and Search Optimization

5. Dynamic Dashboarding

6. Data Models and Pivot

7. HTTP Event Collector

8. Best Practices and Advanced Queries

9. Taking Splunk to the Organization

Search command – rex

The rex or regular expression command is extremely useful when you need to extract a field during search time that has not already been extracted automatically. The rex command even works in multi-line events. The following sample command will get all versions of the Chrome browser that are defined in the highlighted user agent string part of the raw data. Let's say this is your raw data, and you need to get the highlighted value:

016-07-21 23:58:50:227303,96.32.0.0,GET,/destination/LAX/details,-,80, 
-,10.2.1.33,Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) 
AppleWebKit/537.36 (KHTML; like Gecko) Chrome/29.0.1547.76 
Safari/537.36,500,0,0,823,3053

You can use this search command to get it:

SPL> index=main | rex field=http_user_agent 
     "Chrome/(?<Chrome_Version>.+?)?Safari" | top Chrome_Version

The rex command extracted...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (4)

J-P Contreras

J-P Contreras, a Splunk-certified administrator and sales engineer, has delivered value-oriented data analytics and performance planning solutions for 20+ years. He has built award-winning consulting teams to help companies turn data into analytical insights. He helps companies implement Splunk and enjoys everything the Splunk community offers. He received his MBA in e-commerce from DePaul University's Kellstadt Graduate School of Business, Chicago, in 2001. He trains in DePaul's Continuing Education Program and is a member of DePaul's Driehaus School of Business Advisory Board. He'd like to thank his family, especially his wife and children, and close friends for making life so enjoyable.

See other products by J-P Contreras

Steven Koelpin

See other products by Steven Koelpin

Erickson Delgado

Erickson Delgado is an enterprise architect who loves to mine and analyze data. He began using Splunk in version 4.0 and has pioneered its use into his current work. He has worked with start-up companies in the Philippines to help build their open source infrastructure. He has developed applications with Python and node.js and is interested in Go and recovering programming with C/C++. In the recent years, he engaged himself in employing DevOps in his work. He blows off steam by saltwater fishing, mountain biking, crafting robots, and touring the country. He lives in Orlando.

See other products by Erickson Delgado

Betsy Page Sigman

Betsy Page Sigman is a distinguished professor at the McDonough School of Business at Georgetown University in Washington, D.C. She has taught courses in statistics, project management, databases, and electronic commerce for the last 16 years, and has been recognized with awards for teaching and service. She has also worked at George Mason University in the past. Her recent publications include a Harvard Business case study and a Harvard Business review article. Additionally, she is a frequent media commentator on technological issues and big data.

See other products by Betsy Page Sigman