Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Field extraction

gudavasr
Path Finder
‎10-08-2012 03:33 PM

Hi,

I am using props.conf to do field extraction and looks like working fine.
But I don't see them in Search APP..However, I am seeing them in sample_log search head.
here is example:

props conf:

[sample_log]
EXTRACT- = USER\sHOME:\s(?\w:[\w|\|\w|\s]*)

when I use "Search APP"; I don't see the Extract field but if I open "sample_dev_searchhead", I can see it. How can I configure the extract fields so that they can be seen in any App?

Thank You.

Tags (2)
0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎10-08-2012 04:35 PM

You'll want to go to Manager » Fields » Field extractions, find your extraction and change the permissions to be global.

Reply
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...