How do I get Sampledata.zip indexed into Windows based Splunk?

Question

Hi

I was trying to go thru Splunk Tutorial, but now I am having trouble in getting sampledata.zip indexed using the host regex shown in the Splunk Tutorial page. My Splunk is on Windows.

Sampledata.zip:./([^/]+)/

http://docs.splunk.com/Documentation/Splunk/latest/User/Adddatatutorial

Is this regex good for Windows Splunk?

Thanks,

Accepted Answer

0

In 4.3.2, I confirmed this is working for both type of OS.

For Unix OS : Sampledata.zip:./([^/]+)/
For Windows ： Sampledata.zip:.\\([^/]+)/

** The regex in Tutorial Doc is not working, be careful.

link

answered 25 Jun '12, 07:11

melonman
1.2k●2●3●20
accept rate: 54%

edited 25 Jun '12, 07:12

Answer 2

1

No as path where it will be extracted will be \ rather than / then try :

Sampledata\.zip:.\\([^\\]+)\\

link

answered 02 May '12, 00:29

MarioM
2.7k●4●7
accept rate: 20%

edited 02 May '12, 00:40

I saw regex for windows in tutorial, thank you!

(04 Jun '12, 05:37) melonman

Well, the regex in tutorial is not working.

(25 Jun '12, 06:40) melonman

How do I get Sampledata.zip indexed into Windows based Splunk?

Follow this question

Splunk Resources

Related questions