Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

No URL field in the Search base

vistasyslog
New Member
‎12-24-2012 11:51 AM

I have three Firewalls splunking, and I cannot see a src_ip or the URL fields in the search base.
Is there a way to get them.
I just started with Splunk so may be Don't have a lot of things required setup right now.
Any help or tips on starting Splunking that may be helpful in the future would be great.

Thanks all
Ansh

Tags (1)
0 Karma
Reply

cyue_splunk
Splunk Employee
Splunk Employee
‎12-24-2012 07:53 PM

Click he small triangle symbol at the beginning of any event and use the Interactive Field Extract page to extract/define your src_ip or URL fields.

0 Karma
Reply

vistasyslog
New Member
‎12-24-2012 08:32 PM

Great. Thanks for your help.

0 Karma
Reply

cyue_splunk
Splunk Employee
Splunk Employee
‎12-24-2012 08:20 PM

Here is the example how you can use IFX to extract fields:

http://docs.splunk.com/Documentation/Splunk/5.0.1/Knowledge/ExtractfieldsinteractivelywithIFX

0 Karma
Reply

vistasyslog
New Member
‎12-24-2012 08:05 PM

Thanks for the answer, but I still cannot find the fields.
Is there a syntax that I need to put in ?
Can you give me an example of it ?

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...

4 Ways the Splunk Community Helps You Prepare for .conf25

.conf25 is right around the corner, and whether you’re a first-time attendee or a seasoned Splunker, the ...