Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Sharing Field extractions

tb5821
Communicator
‎02-22-2018 05:49 AM

I can't for the life of me get one of the search app field extractions to also pick up the same regex (field extraction) on another sourcetype - I've made sure all the permissions are set to global for the extraction, and restarted splunk.

Can anyone offer any help?

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎02-22-2018 06:39 AM

Field extractions are relative to sourcetype. You can duplicate the extraction to the new sourcetype and it will work

0 Karma
Reply

tb5821
Communicator
‎02-22-2018 06:45 AM

There doesn't appear to be an easy way at least within splunk web to clone extractions?

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎02-22-2018 06:59 AM

Go to Settings>Fields and find your field. Copy the regular expression, then create new. You should then paste this regex and tie it to your new sourcetype

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎02-27-2018 06:28 AM

Did this work for you?

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...