cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
hayashi_ayr728
Engager
Member since: ‎08-24-2022
‎05-18-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎08-24-2022
Activity Feed
Topics I've Started
View All

Help with SEDCMD props.conf

by in Splunk Search
‎08-24-2022 09:29 PM
‎08-24-2022 09:29 PM
Hello. I am in problem. I have  log like this.   1.example.log 2022/08/24 12:04:00,ExampreA,"xxx"xx"xxx"xxxx"xxx"xxxx"xxxxx"   I'd like to replace 「"」 with blank when  transferring logs to Indexer and I'd like to keep the first and last「"」.   I tried edit  config file「props.conf」(Indexer).   #props.conf [sourcetype value] SEDCMD-replacespaces = y/"/ /   Result is that all「"」were replaced 「 」. I want to to capture log like this.(↓)   1.example.log 2022/08/24 12:04:00,ExampreA,"xxx xx xxx xxxx xxx xxxx xxxxx"   Please Any advise. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-18-2023 02:23 AM
Karma given to
View All