Re: Extract fields in query or in config file

indeed_2000 · ‎12-20-2023

Hi

What is the different between Extract fields in query with rex or in config file.

Pros and cons?

how about performance?

Thanks,

gcusello · ‎12-20-2023

Hi @indeed_2000,

if you extract a field using the rex command you have this extraction only in the search,

if you have a field extraction (even if done with athe same regex) in conf file (that means save the regex as field extraction), you can use the field extractions in all searches (related to the permission of the knowledge object).

Ciao.

Giuseppe

indeed_2000 · ‎12-20-2023

@gcusello How about performance?

gcusello · ‎12-20-2023

Hi @indeed_2000 ,

exctly the same because the field exraction is performed at search time.

ciao.

Giuseppe

isoutamo · ‎12-20-2023

Hi

it’s probably same, but (at least in there) if you have lot of those in conf files then those could minimally slow down the execution time as those conf files load every time when you are executed a query. But unless you haven’t thousands of those it probably don’t mark anything.

r. Ismo

Extract fields in query or in config file

field extraction

regex

rex

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation