https://community.splunk.com/t5/Getting-Data-In/WindowsUpdateLog/m-p/98660#M20632 <P>Found the problem.<BR /> The fields objects (transform and report) where by default configured in App context only so did not work on the Search app.<BR /> Changing the relevant objects to Global makes it work as expected.</P> Tue, 23 Jul 2013 08:47:07 GMT yuvalba 2013-07-23T08:47:07Z https://community.splunk.com/t5/Getting-Data-In/WindowsUpdateLog/m-p/98659#M20631 <P>Hi,<BR /> I have Splunk for Windows installed and want to check the WindowsUpdate log.<BR /> I am receiving the log correctly and have setup sourcetype to be WindowsUpdateLog as needed.<BR /> However I don't have any fields extracted.<BR /> I tested by applying the transform pid-tid-component_for_windowsupdatelog manually as:</P> <PRE><CODE>rex "^\S+\s+\S+\s+(?&lt;pid&gt;\S+)\s+(?&lt;tid&gt;\S+)\s+(?&lt;component&gt;\S+)" </CODE></PRE> <P>And the fields are extracted correctly.<BR /> Why aren't they being extracted on regular search? I must be missing something...<BR /> Thanks</P> Mon, 28 Sep 2020 14:22:25 GMT https://community.splunk.com/t5/Getting-Data-In/WindowsUpdateLog/m-p/98659#M20631 yuvalba 2020-09-28T14:22:25Z https://community.splunk.com/t5/Getting-Data-In/WindowsUpdateLog/m-p/98660#M20632 <P>Found the problem.<BR /> The fields objects (transform and report) where by default configured in App context only so did not work on the Search app.<BR /> Changing the relevant objects to Global makes it work as expected.</P> Tue, 23 Jul 2013 08:47:07 GMT https://community.splunk.com/t5/Getting-Data-In/WindowsUpdateLog/m-p/98660#M20632 yuvalba 2013-07-23T08:47:07Z https://community.splunk.com/t5/Getting-Data-In/WindowsUpdateLog/m-p/98661#M20633 <P>Why can't I edit my post?<BR /> Whem I try to edit the title and save, it say "This field is required" under "update summary" although I fill it up.</P> Tue, 23 Jul 2013 08:50:37 GMT https://community.splunk.com/t5/Getting-Data-In/WindowsUpdateLog/m-p/98661#M20633 yuvalba 2013-07-23T08:50:37Z