In my log file there is a uid/email field. The Splunk search should not display (should ignore) results if the email domain is, for example, google or yahoo. Splunk should display results associated with mydomain.
If the log has ..... uid = myname@mydomain.com.......uid = myname@gmail.com...... uid= mail@yahoo.com..... uid = mail@aol.com......uid=null
The Splunk search should spit out uid = myname@mydomain.com. How do I do this? Help! Help!
Hello
First, if you haven't done it yet, you need to extract the email field. Using the regex command, for example:
..| rex "(?<email>[a-zA-Z0-9]+@[a-zA-Z0-9]+\.[a-zA-Z0-9]+)" | ...
Then you need to filter the results with
..| search email="*@mydomain.com" | ...
Regards
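An added example, not part of the original thread: the extract-then-filter steps from the answer above, emulated in Python over constructed log lines to show where the answer's character classes truncate an address before the domain filter runs. The sample events, the `STRICT_RX` pattern and the function names are assumptions; Python's `re` writes the named group as `(?P<email>...)` where Splunk accepts `(?<email>...)`.

```python
import re

# Constructed sample events (illustrative, not data from the thread).
SAMPLE_EVENTS = [
    "action=login uid = myname@mydomain.com src=10.0.0.5",
    "action=login uid = myname@gmail.com src=10.0.0.6",
    "action=login uid= mail@yahoo.com src=10.0.0.7",
    "action=login uid=null src=10.0.0.8",
    "action=login uid = first.last@mydomain.com src=10.0.0.9",
    "action=login uid = mail@mydomain.com.example.net src=10.0.0.10",
]

# The pattern from the answer, with Python's named-group syntax.
ANSWER_RX = re.compile(r"(?P<email>[a-zA-Z0-9]+@[a-zA-Z0-9]+\.[a-zA-Z0-9]+)")

# Assumed stricter variant: anchor on the uid key and capture the whole
# whitespace-delimited token, so dots and extra domain labels are kept.
STRICT_RX = re.compile(r"uid\s*=\s*(?P<email>[^\s@]+@[^\s@]+)")


def extract(rx, event):
    """Return the first extracted email in the event, or None."""
    m = rx.search(event)
    return m.group("email") if m else None


def in_domain(email, domain="mydomain.com"):
    """Emulates: search email="*@mydomain.com" (case-insensitive)."""
    return email is not None and email.lower().endswith("@" + domain)


def pipeline(rx, events):
    """Extract, then keep only addresses in the wanted domain."""
    extracted = (extract(rx, ev) for ev in events)
    return [e for e in extracted if in_domain(e)]


if __name__ == "__main__":
    # The answer's pattern cuts "first.last@..." down to "last@..." and
    # cuts "mail@mydomain.com.example.net" down to a passing address.
    print("answer pattern:", pipeline(ANSWER_RX, SAMPLE_EVENTS))
    print("strict pattern:", pipeline(STRICT_RX, SAMPLE_EVENTS))
```
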
Thanks for your regex to extract only the email. Your answer is perfect. But I asked the question differently. My bad. It helped.
But how do I use it in a dashboard? Do I need to have an escape character for (?