I would like to perform search time field extraction on text that is already being stored in a field to break it up into multiple fields. The problem is I don't know how many fields.
An example would be to extract each word of text into its own field. So:
Field1="I love Splunk"
And using the assumption that I have a consistent identifier to break up the fields (the space in this example), I need it to work for any amount of text in the original field.
My purpose for this is to identify specific details that are different between two text fields, not just that the fields as a whole are different. A more relevant example is identifying differences between two fields that contain a ton of information in Security Descriptor String Format.
So I guess a potentially better question would be, does anyone know of an acceptable way to use Splunk to make sense of Security Descriptor String Format?
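The comparison described in the question, as an added example that is not part of the original post and is written in Python rather than Splunk search language: it splits two Security Descriptor String Format values into owner, group, ACL flags and individual ACEs, then reports only the pieces that differ. The function names and the two sample descriptors are constructed for illustration.

```python
from collections import Counter

def _aces(acl):
    """Text of each top-level (...) group; conditional ACEs nest parentheses."""
    out, depth, start = [], 0, 0
    for i, ch in enumerate(acl):
        if ch == "(":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                out.append(acl[start:i])
    return out

def parse_sddl(sddl):
    """Split on the O:, G:, D:, S: tags, found as colons outside parentheses."""
    parts, depth, tag, start = {}, 0, None, 0
    for i, ch in enumerate(sddl):
        depth += (ch == "(") - (ch == ")")
        if ch == ":" and depth == 0 and i > 0:
            if tag:
                parts[tag] = sddl[start:i - 1]
            tag, start = sddl[i - 1], i + 1
    if tag:
        parts[tag] = sddl[start:]
    sd = {"owner": parts.get("O"), "group": parts.get("G")}
    for letter, name in (("D", "dacl"), ("S", "sacl")):
        acl = parts.get(letter, "")
        sd[name + "_flags"] = acl.split("(", 1)[0]  # e.g. P, AI, AR
        sd[name] = _aces(acl)
    return sd

def diff_sddl(old, new):
    """List (what, before, after) for every component or ACE that differs."""
    a, b = parse_sddl(old), parse_sddl(new)
    changes = [(k, a[k], b[k]) for k in ("owner", "group", "dacl_flags", "sacl_flags") if a[k] != b[k]]
    for k in ("dacl", "sacl"):
        gone, added = Counter(a[k]) - Counter(b[k]), Counter(b[k]) - Counter(a[k])
        changes += [(k + "_removed", ace, None) for ace in gone.elements()]
        changes += [(k + "_added", None, ace) for ace in added.elements()]
    return changes

# Constructed sample descriptors, not taken from the post.
OLD = "O:BAG:SYD:PAI(A;;FA;;;BA)(A;OICI;0x1200a9;;;BU)"
NEW = "O:BAG:SYD:AI(A;;FA;;;BA)(A;OICI;0x1301bf;;;BU)(A;;FA;;;WD)"
for change in diff_sddl(OLD, NEW):
    print(change)
```

ACEs are compared as whole strings, so an ACE whose rights changed shows up as one removal plus one addition for the same trustee.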