I need to break down my event logs.
I'm getting confused in configuring transform.conf, props.conf, etc...
this a sample of one line of my data:
I, [2011-04-01T00:01:04.883503 #1023] INFO -- : [2011-04-01 00:01:03,188.8.131.52,12345,184.108.40.206,654,bumiflow.com.my,MX,IN]
(for confidentiality reasons, I've changed data values... but the format follows the same)
so currently, splunk is able to map the source ip, and also identifies the time.
I want to break down all the rest of the event as well based on resource records (MX, A, AAAA, etc.), domains, etc..
firstly, Can I do that from splunk manager? probably "Manager>fiels"...
if not, can you guide me through configuring the conf files..