Splunk is software that lets you monitor, search, visualize and analyze machine-generated data (application logs, data from websites and database logs, to start with), from small data sets up to big data, through a web-style interface. It indexes and searches log files stored on a system or similar sources, and it is scalable and powerful. Splunk bridges the gaps that a simple log management tool, a security information product or an event management product cannot cover on its own.
The Splunk rex command either extracts fields using regular-expression named capture groups or replaces characters in a field using UNIX stream editor (sed) expressions. If no field is specified, the regular expression is applied to the _raw field, which carries a performance cost because every event's full text has to be scanned.
Let us now look at the syntax and then try to understand each parameter that can be used with the rex command.
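As an added illustration (not code from the original article and not Splunk's own implementation), the following Python script emulates the two rex modes described above on a few constructed log events: extraction of named capture groups from the _raw field, and sed-style substitution. The `rex` helper, the sample events and the `_to_python_regex` conversion are assumptions of this example; the `max_match` parameter is taken from Splunk's rex documentation rather than from this page. The point is to let you try a regular expression against sample events offline before running it in a Splunk search.

```python
import re

# Constructed sample events (not real data). Each event is a dict whose _raw
# field holds the original event text, mirroring Splunk's _raw field.
SAMPLE_EVENTS = [
    {"_raw": "2024-01-10T09:15:02Z sshd[1234]: Failed password for invalid user admin "
             "from 203.0.113.7 port 51234 ssh2"},
    {"_raw": "2024-01-10T09:15:05Z sshd[1234]: Failed password for root "
             "from 198.51.100.23 port 51240 ssh2"},
    {"_raw": "2024-01-10T09:16:11Z app: payment card=4111-1111-1111-1111 "
             "card=5500-0000-0000-0004 status=declined"},
]

# Parses "s<delim>pattern<delim>replacement<delim>[g]" as accepted by rex mode=sed.
_SED_RE = re.compile(r"^s(?P<d>.)(?P<pat>.*?)(?P=d)(?P<rep>.*?)(?P=d)(?P<flags>g?)$")


def _to_python_regex(regex):
    """Rewrite PCRE-style named groups (?<name>...) into Python's (?P<name>...),
    leaving lookbehinds (?<= and (?<! untouched."""
    return re.sub(r"\(\?<(?![=!])", "(?P<", regex)


def rex(events, expression, field="_raw", mode=None, max_match=1):
    """Emulate Splunk's rex command on a list of event dicts (hypothetical helper).

    mode=None : extract named capture groups from `field` into new fields.
                max_match=1 creates single-valued fields; any other value creates
                multivalued (list) fields, 0 meaning unlimited matches.
    mode="sed": apply an s/pattern/replacement/[g] substitution to `field`.
    Events are copied, not mutated, so the originals stay intact.
    """
    results = []
    for event in events:
        event = dict(event)
        value = event.get(field)
        if value is None:              # field absent: rex leaves the event untouched
            results.append(event)
            continue

        if mode == "sed":
            m = _SED_RE.match(expression)
            if not m:
                raise ValueError("only s/pattern/replacement/[g] is supported here")
            count = 0 if m.group("flags") == "g" else 1   # re.sub: 0 = replace all
            event[field] = re.sub(_to_python_regex(m.group("pat")), m.group("rep"),
                                  value, count=count)
        else:
            pattern = re.compile(_to_python_regex(expression))
            matches = list(pattern.finditer(value))
            if max_match > 0:
                matches = matches[:max_match]
            if max_match == 1:
                if matches:
                    event.update({k: v for k, v in matches[0].groupdict().items()
                                  if v is not None})
            else:
                for name in pattern.groupindex:
                    values = [mt.group(name) for mt in matches
                              if mt.group(name) is not None]
                    if values:
                        event[name] = values
        results.append(event)
    return results


if __name__ == "__main__":
    # Extract mode: pull the attempted user name and source IP out of sshd events.
    extracted = rex(SAMPLE_EVENTS,
                    r"Failed password for (?:invalid user )?(?<user>\S+) "
                    r"from (?<src_ip>\d+\.\d+\.\d+\.\d+)")
    for ev in extracted:
        print(ev.get("user"), ev.get("src_ip"))
    # Extract mode with max_match=0: every card number becomes a multivalued field.
    print(rex(SAMPLE_EVENTS, r"card=(?<card>[\d-]+)", max_match=0)[2]["card"])
    # sed mode: mask all but the last group of each card number.
    print(rex(SAMPLE_EVENTS, r"s/(\d{4}-){3}/XXXX-XXXX-XXXX-/g", mode="sed")[2]["_raw"])
```

Two details worth noticing: Splunk accepts the PCRE form `(?<name>...)` while Python's `re` only accepts `(?P<name>...)`, so the helper rewrites one into the other; and the sed-mode call shows the masking use case, where card numbers are rewritten before the event is stored or shared rather than extracted. Running the first call with the default `field="_raw"` also makes the cost mentioned above concrete: the pattern is evaluated against the whole text of every event, including the payment event that can never match it.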
In this article, we have tried to demystify what Splunk can do as standalone software and where it can be used. We have also tried to understand how to use Splunk's rex command to extract data or substitute data using regular expressions.
We hope this article has provided all the details you need to understand the concept as a whole. If you want more details on this topic, we suggest going through the Splunk documentation (the mother of all related documentation available online).