Splunk Search

How to tell which transform applied to which event

Alan_Bradley
Path Finder

Is there a way to tell if a regex has been applied to an event? I'm doing field extractions and want a way to confirm the field extractions applied to all the correct events. I suppose I could do this validation outside of Splunk using grep | linecount and cross-checking with the event count in Splunk. It would be cool though if I could use Splunk.

1 Solution

matt
Splunk Employee

ivan_mirosav
Explorer

Would someone provide an accurate answer to this question?

0 Karma

woodcock
Esteemed Legend

It is not possible.

0 Karma

gkanapathy
Splunk Employee

grep would be a bad choice as its regular expressions are quite different from PCRE, which is what Splunk uses.

0 Karma

matt
Splunk Employee

The extract command should do the trick. Reference: http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Extract

woodcock
Esteemed Legend

I do not understand this answer at all. The extract command has nothing to do with this.

0 Karma

MuS
Legend

Hi woodcock,

That is not correct; you can call specific transform stanzas using the extract command:

<extractor-name>
Syntax: <string>
Description: A stanza in the transforms.conf file. This is used when the props.conf file does not explicitly cause an extraction for this source, sourcetype, or host.

So by using extract this part of the question:

I'm doing field extractions and want a way to confirm the field extractions applied to all the correct events.

was answered correctly.

But besides this, there is not really another way to get something like this: "Is there a way to tell if a regex has been applied to an event?"

Hope that makes sense ...

cheers, MuS

0 Karma

woodcock
Esteemed Legend

I still do not see what you are saying. All extract does is execute a specific transform which in no way allows for any backtracking, which is what this question is about.

0 Karma

MuS
Legend

yep, exactly what I said 😉

You can use extract to test and validate whether the transforms stanza works with search results.
But out of the box you will get no information backtracking which transforms were executed against the events.

The question in my eyes is misleading because it asks two different things in one post:

  1. Is there a way to tell if a regex has been applied to an event?
  2. I'm doing field extractions and want a way to confirm the field extractions applied to all the correct events

For 2., the answer is extract.

One can argue that it actually did not answer the first question, and for argument's sake you might get something from running Splunk in debug mode or increasing the TransformsExtractionHandler log channel. But I never really tried, nor checked that.

cheers, MuS

0 Karma
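The thread settles on two points: extract lets you run a named transforms.conf stanza against search results, and nothing out of the box records which transform fired on which event. The script below is an added example, not code from the thread or from Splunk, of doing that bookkeeping offline: it parses a constructed transforms.conf fragment (stanza names ssh_login and sudo_cmd are hypothetical), applies each REGEX to a few constructed log lines, records per event which transforms matched and what they extracted, and tallies coverage so unmatched events stand out. Two caveats follow from gkanapathy's remark about grep: Python's re is not PCRE either, so the script only rewrites the (?<name>...) group syntax Splunk accepts into Python's (?P<name>...) form and ignores FORMAT, and any pattern that leans on PCRE-only features would still need checking inside Splunk with extract. The second sshd line is written so that the naive ssh_login regex misses it; that is exactly the kind of gap the coverage count is meant to surface.

```python
import configparser
import re
from collections import Counter

# Constructed transforms.conf fragment (hypothetical stanza names, not from the thread).
# Named capture groups carry the field names, so no FORMAT line is needed.
TRANSFORMS_CONF = r"""
[ssh_login]
REGEX = sshd\[\d+\]: (?<result>Accepted|Failed) (?<method>\w+) for (?<user>\S+) from (?<src_ip>[\d.]+)

[sudo_cmd]
REGEX = sudo:\s+(?<user>\S+) : .*COMMAND=(?<command>.*)$
"""

# Constructed sample events. The second sshd line uses the "invalid user <name>" form,
# which the ssh_login regex above does not account for.
SAMPLE_EVENTS = [
    "Sep 10 12:00:01 host1 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2",
    "Sep 10 12:00:07 host1 sshd[2203]: Failed password for invalid user admin from 203.0.113.9 port 40011 ssh2",
    "Sep 10 12:01:15 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd",
    "Sep 10 12:02:00 host1 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)",
]


def to_python_regex(pcre_pattern):
    """Rewrite PCRE-style named groups (?<name>...) to Python's (?P<name>...).

    Lookbehind assertions (?<= and (?<! are left untouched. Other PCRE-only
    constructs are not translated; patterns using them must be checked in Splunk.
    """
    return re.sub(r"\(\?<(?![=!])", "(?P<", pcre_pattern)


def load_transforms(conf_text):
    """Parse a transforms.conf-style text into {stanza_name: compiled_regex}."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    transforms = {}
    for stanza in cp.sections():
        if "REGEX" in cp[stanza]:
            transforms[stanza] = re.compile(to_python_regex(cp[stanza]["REGEX"]))
    return transforms


def apply_transforms(transforms, events):
    """For each event, return {stanza_name: extracted_fields} for every stanza whose REGEX matched."""
    results = []
    for event in events:
        matched = {}
        for name, regex in transforms.items():
            m = regex.search(event)
            if m:
                matched[name] = m.groupdict()
        results.append(matched)
    return results


def coverage_report(results):
    """Count events per matching stanza; events no stanza matched are counted under '<no transform>'."""
    counts = Counter()
    for matched in results:
        if not matched:
            counts["<no transform>"] += 1
        for name in matched:
            counts[name] += 1
    return counts


if __name__ == "__main__":
    transforms = load_transforms(TRANSFORMS_CONF)
    results = apply_transforms(transforms, SAMPLE_EVENTS)
    for event, matched in zip(SAMPLE_EVENTS, results):
        print(event)
        if matched:
            for name, fields in matched.items():
                print(f"    {name}: {fields}")
        else:
            print("    <no transform matched>")
    print("coverage:", dict(coverage_report(results)))
```

Comparing the per-stanza counts with the event counts Splunk reports for the same time window is the cross-check the original poster described; any event landing under "<no transform>" is either noise the extraction was never meant to cover or, as with the failed-login line here, a regex that needs widening.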

woodcock
Esteemed Legend

And only the OP might care. 100% of everyone else who ends up here from a search engine is looking for the answer that is NOT here.

0 Karma

ivan_mirosav
Explorer

You're right about this.

0 Karma