Splunk Search

Fields extraction from access log

pavan_bhumanapa
New Member

I would like to list below log in 8 parts and I'm not sure how to do it in with Regex. Please help me

{Field 1]       {Field 2  }   {Field 3]             [field 4] [field5]   [field6] [field 7][field 8} 
10.16.124.34 - pavan kumar [09/Aug/2011:11:15:11 -0500] "GET /sbconsole/ HTTP/1.1" 302      355 
0 Karma

lguinn2
Legend

If this is an Apache access log, you could simply assign it one of the Apache sourcetypes when you index it:

access_combined would probably work, but access_combined_wcookie might also be an option.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...