7/28/2023

Splunk group by regex

The following are the specific settings valid for the connector "Moviri – Splunk Unix-Windows Extractor"; they are presented in the "Splunk – Unix and Windows" configuration tab.

- A semicolon-separated list of Splunk indexes that represents the only indexes to extract data from. Empty means no filtering.
- A semicolon-separated list of Splunk indexes that represents the indexes to be excluded from the data extraction.
- A semicolon-separated list of hosts (i.e. web servers) that represents the only hosts whose data need to be extracted. Each item of the list can be a regular expression.
- A semicolon-separated list of hosts (i.e. web servers) that represents the hosts whose data need to be excluded from the extraction. Each item of the list can be a regular expression.
- Specify which data the connector has to load into CO:
  - Hosts only: data will be attached to each single web server.
  - Clusters only: hosts data will be aggregated into clusters according to cluster definition rules.
  - Hosts and clusters: both hosts (web servers) and cluster data need to be imported. A parentship relation will also be created between clusters and hosts.
- "Clusters definition rules": a semicolon-separated list of rules to be applied to aggregate host-level data into cluster-level data.

The following properties are repeated for each rule specified in "Clusters definition rules":

- Regular expression to be applied on hosts. If it matches, the host is included in the cluster whose name is specified in the next property.
- The cluster name can be dynamic if regex capturing groups are used. Capturing groups are referenced with the syntax %GROUPN (N is the capturing group index).

In order to facilitate the application of cluster rules, two examples are provided.

Consider the following web servers: ServA001, ServA002, ServB008, ServB009, ServC001.

EXAMPLE: Clusters definition rules: RuleA RuleB RuleC

An ETL task that uses the ‘Moviri – Splunk Web Logs Extractor’ will allow you to import:
The connector only imports data labelled with the supported source types.

Additionally, the connector provides the possibility to aggregate web volumes at the cluster level, specifying some aggregation rules on the basis of single host names. The connector leverages the above-mentioned source types definition, so it is crucial that they are not modified in the Splunk instance the connector will interact with.