Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Field Extractor Naming Everything "FIELDNAME".

tfitzgerald15
Explorer
‎06-28-2013 09:26 AM

Hey All,

So, the field extractor in Splunk is working great. I can search by any of my custom fields. The only problem however seems to be that no matter what I do, it calls all of my custom fields "FIELDNAME".

I can't seem to find anything to quickly rename those, and I'm not familiar enough with the RegEx to rename it at extraction. Any chance someone can help?

-Travis

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

carasso
Splunk Employee
Splunk Employee
‎07-24-2013 05:17 PM

You are talking about the interactive field extractor built into Splunk, and not the Field Extractor app, I believe. The way to change the fieldname, is to SAVE the extraction, which pops up a dialogbox where you name the field.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

carasso
Splunk Employee
Splunk Employee
‎07-24-2013 05:17 PM

You are talking about the interactive field extractor built into Splunk, and not the Field Extractor app, I believe. The way to change the fieldname, is to SAVE the extraction, which pops up a dialogbox where you name the field.

0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎06-28-2013 09:35 AM

Please see the Splunk UI fiels-> field extraction. Choose the field. Change the names according to your requirement. Or you can also modify them in props.conf and restart to get them worked. Hope it helps. Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...