Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does full key value not extract properly if it starts with a number?

msmapper
Path Finder
‎06-27-2018 09:48 AM

I have created a new log message that looks like

2018-06-27 11:28:01,743 WARN TestReporting , id="LJ99YUT5F1K", trans_timestamp="6/27/18 3:42 AM", 3d_secure_data="", arn="", purchase_amount="57.80", currency="USD"

All of my Key-value pairs do auto-extract but the one named 3d_secure_data does not seem to extract the full name. When you look at the Interesting Fields, the key is actually named d_secure_data, the 3 is being dropped off somehow. See screenshot

alt text

Is this a known key naming convention where keys can only start with alpha char or is this an issue with auto-extraction? I am using Splunk Enterprise 6.6.3.

I can work around the issue by remaining the key and spelling out the word three, Ijust want to know if this a known configuration setup or a bug.

Regards
Jen

Preview file
11 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ddrillic
Ultra Champion
‎06-27-2018 10:01 AM

The documentation says -

Getting Data In

alt text

View solution in original post

Preview file
40 KB
0 Karma
Reply
Solved! Jump to solution
Solution

ddrillic
Ultra Champion
‎06-27-2018 10:01 AM

The documentation says -

Getting Data In

alt text

Preview file
40 KB
0 Karma
Reply
Solved! Jump to solution

msmapper
Path Finder
‎06-27-2018 10:04 AM

Thanks ddrillic! Not sure how I missed that in the documentation after all these years.

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎06-27-2018 10:06 AM

Sure thing - I wasn't sure either ; -)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...