I have written a regex "^(?[^\t]+)\t(?[^\t]+)\t(?[^\t]+)\t(?\w+)[^\t\n]*\t(?[^\t]+)\t(?\w+\s+)(?[^\t]+)(?.+)". Please let me know how I can automatically create props.conf and transforms.conf.
There is no proper blog explaining the details of how to create a basic props.conf and transforms.conf to extract a custom log event.
When you create field extractions from the GUI, it is more dependent on the app context you are in. So if you are in the search app and then start creating regex/field extractions, then yes, props and transforms will get created in search/local; otherwise, in whatever app context you are in/local.
Or you can create the files props.conf and transforms.conf manually in your app name/local with the above config and save it. Splunk should reload the configurations and once you run your searches you should see your new fields.
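As an added example (not part of the original posts or of Splunk's own tooling), the script below checks a named-group regex against a sample event and then emits the two stanzas to save in your app's local directory. The sourcetype `my_custom_log`, the transform name `my_custom_fields`, the field names and the sample event are all assumptions, since the group names in the question's regex were lost.

```python
import re

# Constructed sample: one tab-delimited event. Field names are hypothetical.
SAMPLE_EVENT = "2024-01-15 10:22:31\tweb01\tsshd\tFailed password for admin"

# Splunk (PCRE) named-group syntax, as it would appear in transforms.conf.
SPLUNK_REGEX = r"^(?<event_time>[^\t]+)\t(?<host_name>[^\t]+)\t(?<process>\w+)\t(?<message>.+)"


def to_python_regex(splunk_regex):
    """Rewrite (?<name>...) as (?P<name>...) for Python's re module.

    Lookbehinds, (?<=...) and (?<!...), are left untouched.
    """
    return re.sub(r"\(\?<(?![=!])", "(?P<", splunk_regex)


def extract(splunk_regex, event):
    """Return the named fields the regex pulls from event, or None on no match."""
    m = re.search(to_python_regex(splunk_regex), event)
    return m.groupdict() if m else None


def build_conf(sourcetype, transform, splunk_regex, sample):
    """Return (props_text, transforms_text); refuse a regex that misses the sample."""
    if extract(splunk_regex, sample) is None:
        raise ValueError("regex does not match the sample event")
    # props.conf binds the sourcetype to a search-time transform via REPORT-<class>.
    props = f"[{sourcetype}]\nREPORT-{transform} = {transform}\n"
    # Named capture groups become field names, so no FORMAT line is needed.
    transforms = f"[{transform}]\nREGEX = {splunk_regex}\n"
    return props, transforms


if __name__ == "__main__":
    props, transforms = build_conf(
        "my_custom_log", "my_custom_fields", SPLUNK_REGEX, SAMPLE_EVENT
    )
    print("# props.conf\n" + props)
    print("# transforms.conf\n" + transforms)
```

Testing the regex against a real event before writing the files catches the common failure where the stanza loads without error but no fields appear at search time.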
@smdasim, please refer to the documentation to perform Interactive Field Extraction (IFX) through the Splunk UI.
You can write the regular expression yourself or use Splunk's auto-generated regular expression. You can also add/remove events based on your needs to ensure the regular expression is working as expected.