Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Permanent Field extraction

Karthikeya
Communicator
‎02-04-2025 08:06 AM

Trying to get permanent field extraction for a field. Tried to use field extraction tabs in fields given regex there but getting failed. Giving the same in search working. I don't know why.

Below is the event:

host: juniper-uat.systems.fed

Connection: keep-alive sec-ch-ua-platform: ""Windows""

X-Requested-With: XMLHttpRequest

Need to extract the host value as 'fqdn' permanently.

given this regex - Host:\s(?<fqdn>(.+))\n in field extraction as attached below:

Karthikeya_0-1738685468488.png

But it is extracting whole event value starting from fqdn value. Not extracting correctly.

Please help me in this regard.

Labels (3)
Labels
0 Karma
Reply

luizlimapg
Path Finder
‎02-04-2025 10:51 AM

Hi @Karthikeya 

It could be access permission to the extracted field. Go to the menu Settings > Fields, click on Field Extractions, and check if the permission for your field is correct. To ensure access for all users, set the app permissions to global and the Role permissions to Read for Everyone.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-04-2025 08:10 AM

Hi @Karthikeya ,

I could be more detailed, if you can share the full event, anyway, you have to create a regex like the following:

 

| rex "host: (?<host>[^\s\n]+)"

 

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...

Buttercup Games: Further Dashboarding Techniques (Part 6)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top