https://community.splunk.com/t5/Splunk-Search/How-to-parse-my-sample-raw-data-to-so-I-can-search-for-Parameter/m-p/259860#M77891 <P>Hey Sundaresh,</P> <P>I tried this out with a restart, I didnt notice anything. Also, i added the transforms.conf under etc/system/local</P> <P>Am I doing this right?</P> Thu, 14 Jul 2016 15:20:01 GMT Stevelim 2016-07-14T15:20:01Z https://community.splunk.com/t5/Splunk-Search/How-to-parse-my-sample-raw-data-to-so-I-can-search-for-Parameter/m-p/259858#M77889 <P>Not exactly sure how to phrase this, but how can I remodel my data input via Splunk? </P> <P>For example, my raw data looks like this:</P> <PRE><CODE>Tag= Parameter Value =2 </CODE></PRE> <P>Parameter = 2 in Splunk such that I can search for Parameter = Some Value</P> Wed, 13 Jul 2016 23:20:01 GMT https://community.splunk.com/t5/Splunk-Search/How-to-parse-my-sample-raw-data-to-so-I-can-search-for-Parameter/m-p/259858#M77889 Stevelim 2016-07-13T23:20:01Z https://community.splunk.com/t5/Splunk-Search/How-to-parse-my-sample-raw-data-to-so-I-can-search-for-Parameter/m-p/259859#M77890 <P>In your transforms.conf, add this</P> <PRE><CODE>[unique_stanza_name] REGEX = Tag=\s?(\w+)\s+Value\s?=(\d+) FORMAT = $1::$2 </CODE></PRE> <P>Here's more on how that works</P> Wed, 13 Jul 2016 23:59:03 GMT https://community.splunk.com/t5/Splunk-Search/How-to-parse-my-sample-raw-data-to-so-I-can-search-for-Parameter/m-p/259859#M77890 sundareshr 2016-07-13T23:59:03Z https://community.splunk.com/t5/Splunk-Search/How-to-parse-my-sample-raw-data-to-so-I-can-search-for-Parameter/m-p/259860#M77891 <P>Hey Sundaresh,</P> <P>I tried this out with a restart, I didnt notice anything. Also, i added the transforms.conf under etc/system/local</P> <P>Am I doing this right?</P> Thu, 14 Jul 2016 15:20:01 GMT https://community.splunk.com/t5/Splunk-Search/How-to-parse-my-sample-raw-data-to-so-I-can-search-for-Parameter/m-p/259860#M77891 Stevelim 2016-07-14T15:20:01Z