Hi,
I want to write "rex mode=sed field="DIRECTORY" "s/|/ |/g" in transforms.conf or props.conf so that the replacement happens before importing the file in the splunk . Is it possible please let me know how it could be achieved
Thanks in advance
You can probably look at the documentation for http://docs.splunk.com/Documentation/Splunk/5.0/admin/Propsconf in particular, SEDCMD.
