Splunk uses “PCRE” regular expressions, so when you use this tool (and you really should), select PCRE from the dropdown: http://ift.tt/1fMXgx6
Just paste in a sample event and it’ll match it in real time, right before your eyes! Granted, Splunk does have this sort of feature, but honestly, I find it helpful to sort of “back up and out” of what I’m doing in Splunk to solve a problem that’s not strictly a Splunk thing.