I am working with data from an application but the data has been forwarded to Splunk as raw data and appear randomly in various sections of the raw data. The data has no field attribute in them at all that can allow me to regex the data ( I am still not skilled in regex to that level)
My objective is to create new fields that are searchable using the following already set data
• Unexpected properties received in HTTP request
• XML received in post data for web node requestor
• Attempt to execute a rule failed in web node environment
• Attempt to run a stream from URL failed in web node environment
• A Thread name in a URL contains invalid characters
• Attempt to attack a user session has been blocked
• A rule could not be executed because Rule Security Mode is in WARN or DENY and this rule was not implicitly allowed
• Cross Site Request Forgery attack detected and was blocked
• A browser has reported a violation of your application's Content Security Policy
• SECU0010 -Â SQL functions that generate SQL sub-queries are not allowed on classes with access control policies
• Custom SQL in an RDB method must use class directives and not table names when Policy Condition rules have been defined to enforce row-level security when Viewing Instances
• Access control policies cannot be enforced in SQL INSERT and MERGE statements
• Unauthorized access for user session termination API
• A node-level data page has been loaded referencing a class with access control policies in force
any help will be appreciated
