topic Re: Field extract NOT search. in Splunk Search https://community.splunk.com/t5/Splunk-Search/Field-extract-NOT-search/m-p/415079#M119513 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/4633">@khyoung7410</a> ,</P> <P>Try named groups</P> <PRE><CODE>|makeresults|eval A=123456789 |rex field=A "(?&lt;A_1&gt;[0-9]{3})(?&lt;A_2&gt;[0-9]{3})(?&lt;A_3&gt;[0-9]{3})" </CODE></PRE> <P>This should result three fields A_1,A_2,A_3 and you can search <CODE>where A_1=123</CODE></P> Tue, 29 Sep 2020 22:52:59 GMT renjith_nair 2020-09-29T22:52:59Z Field extract NOT search. https://community.splunk.com/t5/Splunk-Search/Field-extract-NOT-search/m-p/415078#M119512 <P>Hi <BR /> My data format is as follows.<BR /> A=123456789<BR /> Field was extracted for every three digits from field A.<BR /> My field extract</P> <BLOCKQUOTE> <P>A=(?P[0-9]{3})(?P[0-9]{3})(?P[0-9]{3}) <BR /> New field name is A_1, A_2, A_3</P> </BLOCKQUOTE> <P>The field is extracted but not searched by A_1=123.<BR /> My search Ex<BR /> index=main sourcetype=test A_1="123" <BR /> search not running.....</P> Tue, 29 Sep 2020 22:50:53 GMT https://community.splunk.com/t5/Splunk-Search/Field-extract-NOT-search/m-p/415078#M119512 khyoung7410 2020-09-29T22:50:53Z Re: Field extract NOT search. https://community.splunk.com/t5/Splunk-Search/Field-extract-NOT-search/m-p/415079#M119513 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/4633">@khyoung7410</a> ,</P> <P>Try named groups</P> <PRE><CODE>|makeresults|eval A=123456789 |rex field=A "(?&lt;A_1&gt;[0-9]{3})(?&lt;A_2&gt;[0-9]{3})(?&lt;A_3&gt;[0-9]{3})" </CODE></PRE> <P>This should result three fields A_1,A_2,A_3 and you can search <CODE>where A_1=123</CODE></P> Tue, 29 Sep 2020 22:52:59 GMT https://community.splunk.com/t5/Splunk-Search/Field-extract-NOT-search/m-p/415079#M119513 renjith_nair 2020-09-29T22:52:59Z Re: Field extract NOT search. https://community.splunk.com/t5/Splunk-Search/Field-extract-NOT-search/m-p/415080#M119514 <P>Hi renjith.nair</P> <P>But Not searched after registering for field extraction.</P> Mon, 21 Jan 2019 04:21:21 GMT https://community.splunk.com/t5/Splunk-Search/Field-extract-NOT-search/m-p/415080#M119514 khyoung7410 2019-01-21T04:21:21Z