Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Routing to 3rd party

a212830
Champion
‎01-22-2014 07:10 AM

Hi,

I need to route specific messages that come into Splunk to another destination via syslog. I have the props/transforms, but need help with the REGEX. I need to send any event that has "Session started" or "Session ended". Not sure how to wildcard that...

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎01-22-2014 09:08 AM

A regex of (Session started|Session ended) should meet your need. You can also test things like this out at regexr.com

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎01-22-2014 09:08 AM

A regex of (Session started|Session ended) should meet your need. You can also test things like this out at regexr.com

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...