Splunk Search

Field Extractor Naming Everything "FIELDNAME".

tfitzgerald15
Explorer

Hey All,

So, the field extractor in Splunk is working great. I can search by any of my custom fields. The only problem however seems to be that no matter what I do, it calls all of my custom fields "FIELDNAME".

I can't seem to find anything to quickly rename those, and I'm not familiar enough with the RegEx to rename it at extraction. Any chance someone can help?

-Travis

Tags (2)
0 Karma
1 Solution

carasso
Splunk Employee
Splunk Employee

You are talking about the interactive field extractor built into Splunk, and not the Field Extractor app, I believe. The way to change the fieldname, is to SAVE the extraction, which pops up a dialogbox where you name the field.

View solution in original post

0 Karma

carasso
Splunk Employee
Splunk Employee

You are talking about the interactive field extractor built into Splunk, and not the Field Extractor app, I believe. The way to change the fieldname, is to SAVE the extraction, which pops up a dialogbox where you name the field.

0 Karma

linu1988
Champion

Please see the Splunk UI fiels-> field extraction. Choose the field. Change the names according to your requirement. Or you can also modify them in props.conf and restart to get them worked. Hope it helps. Thanks

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...