Hi I have extracted few fields using Regex from logs in Splunk. I can do search on those fields successfully in Splunk WebUI. I want to use the same queries uisng SplunkJS in my Webapp. Every time I add the extracted fields in the SearchManager's search query on my page, I get No result found.
How can I resolve this issue and continue to use SplunkJS in my webapp?
Ok I found a work around for this. I used regex expression to extract fields and its producing the same output just as in splunkUI with extracted or transformed fields.
Splunk UI Extracted field : EXTRACT-TransUID Inline ^[^[\n]*[(?P
SplunkUI search: index="myindex" host="myhost" | transaction TransUID
When I used the above search in my webapplication uisng SplunkJS, it wouldn't work.
So I used regex as below in the search and its working just as it did in SplunkUI
'index="myindex" host="myhost" | rex field=_raw "^[^[\n]*\[(?P<TransUIDTest>[^]]+)" | transaction TransUIDTest'