- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
First time trying this. I have the below data. Using the | character as a delimiter, then going thru the field extractor GUI, it extracts 5 fields. So far so good. Then I rename 3 of the fields to a more descriptive name. Then it asks me to save it which I do, then there is an option to do a search with the fields I've just defined. I click on it and it shows a search, but none of the fields I just defined are there. Very strange. What am I missing?
15:15:55.664 | [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] | DEBUG | splunk - | {'externalRefId':'exr654321','message':'RMA service return 202','serverResponseTimeMs':'143'}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
found a way to get this to work..... Cleared out all the events and recreated new ones. Then the field extractor worked....better, not perfect but much better than before
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
found a way to get this to work..... Cleared out all the events and recreated new ones. Then the field extractor worked....better, not perfect but much better than before
