Hello Splunkers,

I Have syslog log in my splunk index, for example:

2014-01-13 23:59:59 Local7.Error 172.16.80.21 10505: Jan 14 01:59:58.377: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on FastEthernet0/45.

I want create a field called MSG, in this field will contains: "Loop-back detected on FastEthernet0/45."

Other examples:

2014-01-13 23:59:56 Local2.Info 192.168.116.4 339677: Jan 13 23:59:55: %PIM-6-INVALID_RP_JOIN: Received (*, 224.0.1.40) Join from 192.168.16.2 for invalid RP 192.168.116.1

MSG= Received (*, 224.0.1.40) Join from 192.168.16.2 for invalid RP 192.168.116.1

The value MSG will be every character after ":" .

Tks splunkers.