
Missing fields extractions

franklinashokp
New Member

Hi All,

Recently we have moved all the Splunk rules for alerting to another app.

After we moved them, a few searches are not giving any results; for example, the searches which use an eventtype that contains facility and mnemonic don't give any result.

Below is one such example of an eventtype

Below are two examples of event types:

1) sourcetype=cisco_syslog facility=OSPF mnemonic=ADJCHG

2) sourcetype=cisco_syslog facility=BGP mnemonic=ADJCHANGE

I am not very sure, but after searching on Google I understand that facility and mnemonic are the fields created to match the event. However, after we changed the app to GNS_Alerting I couldn't find these two in the field extractions. May I check with you how to create the fields, as most of the event types used for the alert rules use these fields? If I remove facility and mnemonic and just give the keywords, we see results.

Can you please advise? Thanks.

regards
Franklin


dineshraj9
Builder

Check permissions on all knowledge objects in the previous app. Either share them globally or move them to your new app for the searches to work again.

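As an added illustration of what the answer above means in practice (this is example configuration written for this page, not the original poster's app and not from any Splunk add-on), the following shows the three pieces that have to travel together when alert searches are moved between apps: the field extraction that produces `facility` and `mnemonic` from a Cisco syslog line, the eventtype that searches on them, and the permissions metadata that exports both to every app. The app name `GNS_Alerting` and sourcetype `cisco_syslog` come from the question; the regex, the eventtype name and the `admin` role in the metadata are assumptions. In the original deployment these fields most likely came from whichever add-on defines the `cisco_syslog` sourcetype, scoped to the old app, which is why the searches returned nothing once they ran from an app that could not see it.

```ini
# --- $SPLUNK_HOME/etc/apps/GNS_Alerting/local/props.conf (example) ---
# Cisco IOS syslog messages carry the facility, severity and mnemonic in
# the form  %FACILITY-SEVERITY-MNEMONIC: message text
# e.g.      %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on Gi0/1 from LOADING to FULL
# This search-time extraction (assumed regex) creates the three fields.
[cisco_syslog]
EXTRACT-cisco_facility_mnemonic = %(?<facility>[A-Z0-9_]+)-(?<severity>\d)-(?<mnemonic>[A-Z0-9_]+):

# --- $SPLUNK_HOME/etc/apps/GNS_Alerting/local/eventtypes.conf (example) ---
# The eventtypes from the question, exactly as they appear in the post.
[cisco_ospf_adjchg]
search = sourcetype=cisco_syslog facility=OSPF mnemonic=ADJCHG

[cisco_bgp_adjchange]
search = sourcetype=cisco_syslog facility=BGP mnemonic=ADJCHANGE

# --- $SPLUNK_HOME/etc/apps/GNS_Alerting/metadata/local.meta (example) ---
# Knowledge objects are private to their app unless exported.
# "export = system" shares a stanza globally; the extraction and the
# eventtypes must BOTH be visible to the app the alert search runs in.
[props/cisco_syslog]
export = system
access = read : [ * ], write : [ admin ]

[eventtypes/cisco_ospf_adjchg]
export = system
access = read : [ * ], write : [ admin ]

[eventtypes/cisco_bgp_adjchange]
export = system
access = read : [ * ], write : [ admin ]
```

To confirm which app is actually supplying the extraction on a search head, `splunk btool props list cisco_syslog --debug` prints each effective setting together with the file it was read from; if the `EXTRACT-` line shows up only under the old app's directory with no matching `export = system` in that app's metadata, that is the cause of the empty results. Restart or reload the search head after editing `.meta` files so the new permissions take effect.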