Splunk Search

No URL field in the Search base

vistasyslog
New Member

I have three Firewalls splunking, and I cannot see a src_ip or the URL fields in the search base.
Is there a way to get them.
I just started with Splunk so may be Don't have a lot of things required setup right now.
Any help or tips on starting Splunking that may be helpful in the future would be great.

Thanks all
Ansh

Tags (1)
0 Karma

cyue_splunk
Splunk Employee
Splunk Employee

Click he small triangle symbol at the beginning of any event and use the Interactive Field Extract page to extract/define your src_ip or URL fields.

0 Karma

vistasyslog
New Member

Great. Thanks for your help.

0 Karma

cyue_splunk
Splunk Employee
Splunk Employee
0 Karma

vistasyslog
New Member

Thanks for the answer, but I still cannot find the fields.
Is there a syntax that I need to put in ?
Can you give me an example of it ?

Thanks

0 Karma
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...