No URL field in the Search base

vistasyslog · ‎12-24-2012

I have three Firewalls splunking, and I cannot see a src_ip or the URL fields in the search base.
Is there a way to get them.
I just started with Splunk so may be Don't have a lot of things required setup right now.
Any help or tips on starting Splunking that may be helpful in the future would be great.

Thanks all
Ansh

cyue_splunk · ‎12-24-2012

Click he small triangle symbol at the beginning of any event and use the Interactive Field Extract page to extract/define your src_ip or URL fields.

vistasyslog · ‎12-24-2012

Great. Thanks for your help.

cyue_splunk · ‎12-24-2012

Here is the example how you can use IFX to extract fields:

http://docs.splunk.com/Documentation/Splunk/5.0.1/Knowledge/ExtractfieldsinteractivelywithIFX

vistasyslog · ‎12-24-2012

Thanks for the answer, but I still cannot find the fields.
Is there a syntax that I need to put in ?
Can you give me an example of it ?

Thanks

No URL field in the Search base

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation

No URL field in the Search base

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...