Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to edit automatic field extractions

clintla
Contributor
‎07-12-2021 09:50 AM

I have some automatic field extractions specified in Props.conf per below

INDEXED_EXTRACTIONS=CSV
HEADER_FIELD_LINE_NUMBER=1

They work great and they are extracting about 30 columns but about 5 have 2 words

& I have to specify in each search to rename using one word.

I dont really see any config place to just remove the space in the automatic extraction.
Is there anyway to just make this change to these few extraction names in any config files?

Labels (2)
Labels
0 Karma
Reply

venkatasri
SplunkTrust
SplunkTrust
‎07-12-2021 07:02 PM

Hi @clintla 

If you haven't set the following key meaning default behaviour takes care of words, then words with spaces would replaced with _. For example "customer name" would be seen as "customer_name" in search results.

HEADER_FIELD_ACCEPTABLE_SPECIAL_CHARACTERS = <string>
* This setting specifies the special characters that are allowed in header
  fields.
* When this setting is not set, the processor replaces all characters in header
  field names that are neither alphanumeric or a space (" ") with underscores.
  * For example, if you import a CSV file, and one of the header field names is
    "field.name", the processor replaces "field.name" with "field_name", and
    imports the field this way.

 Is that something you are looking for?

0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...