I have three Firewalls splunking, and I cannot see a src_ip or the URL fields in the search base.
Is there a way to get them.
I just started with Splunk so may be Don't have a lot of things required setup right now.
Any help or tips on starting Splunking that may be helpful in the future would be great.
Thanks all
Ansh
Click he small triangle symbol at the beginning of any event and use the Interactive Field Extract page to extract/define your src_ip or URL fields.
Great. Thanks for your help.
Here is the example how you can use IFX to extract fields:
http://docs.splunk.com/Documentation/Splunk/5.0.1/Knowledge/ExtractfieldsinteractivelywithIFX
Thanks for the answer, but I still cannot find the fields.
Is there a syntax that I need to put in ?
Can you give me an example of it ?
Thanks