Splunk Search

Need to extract field while search only (dont want to use field extraction) using REX

rashi83
Path Finder

Hi,
I have diff log formats in a single sourcetype. Thus can't define field extraction - is there way to use REX in the search string itself which creates fields.?
My log looks like this -
Aug 21 20:44:38, ip-10-237-103-12.ec2.internal, vehicle-master-stg, LOG_MESSAGE:

Tags (1)
0 Karma

skoelpin
SplunkTrust
SplunkTrust

Fix your sourcetypes before doing anything else. This will get much worse down the road

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...