Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Field Extractor Naming Everything "FIELDNAME".

tfitzgerald15
Explorer
‎06-28-2013 09:26 AM

Hey All,

So, the field extractor in Splunk is working great. I can search by any of my custom fields. The only problem however seems to be that no matter what I do, it calls all of my custom fields "FIELDNAME".

I can't seem to find anything to quickly rename those, and I'm not familiar enough with the RegEx to rename it at extraction. Any chance someone can help?

-Travis

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

carasso
Splunk Employee
Splunk Employee
‎07-24-2013 05:17 PM

You are talking about the interactive field extractor built into Splunk, and not the Field Extractor app, I believe. The way to change the fieldname, is to SAVE the extraction, which pops up a dialogbox where you name the field.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

carasso
Splunk Employee
Splunk Employee
‎07-24-2013 05:17 PM

You are talking about the interactive field extractor built into Splunk, and not the Field Extractor app, I believe. The way to change the fieldname, is to SAVE the extraction, which pops up a dialogbox where you name the field.

0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎06-28-2013 09:35 AM

Please see the Splunk UI fiels-> field extraction. Choose the field. Change the names according to your requirement. Or you can also modify them in props.conf and restart to get them worked. Hope it helps. Thanks

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...