Solved: Field extractions not creating fields at search ti... - Page 2

twistedsixty4 · ‎01-02-2014

So I've been working on a particularly complicated and convoluted set of log files that require a bit of regex work to be done. weve gotten the field extraction page to grab the right fields, and even test the rex on the data set, first head 10000 and then no head at all, and it works fine. however once we save the extractions we get nothing, no fields ever show up, ever if we tell it to show fields with no related records. any idea what we are missing here?

Edit:__
all extractions are in the search app, but are given global permissions.

We have restarted or Splunk server several times, a few of the extractions from our transforms file show up but that's it.

As for our formatting the field extractor builds them and we will click the test button and it works just fine in the testing window, but it's exactly when we save it that it just disappears.

We just updated to Splunk ver6 are we missing some configurations?

twistedsixty4 · ‎01-03-2014

Because of how detailed the fields are I was using multiple words to name them and was inadvertently adding spaces to my field names causing them to not work after saving them. Thanks Kristian!

View solution in original post

Field extractions not creating fields at search time

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk