Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
79 results
Sorted by:
08-02-2013
04:25 AM
Hi
I know that splunk automatically creates default fields like host,sourcetype,index at index time.And also the splunk provides a option to create any new fields also during index time.
My r...
03-13-2018
06:30 AM
...)while DNS logs are only maintained for 1 year ( retention = 1 ).
Everything I have read regarding creating custom fields at index time go back to using regex and extracting an existing field i...
10-07-2013
07:32 PM
...urationMS field at search time. Is it possible to create the DurationMS field at index-time and discard the rest of the Raw event?
- Tags:
- transforms.conf
08-19-2010
06:45 PM
4 Karma
...his being said, other documentation at http://www.splunk.com/base/Splexicon:Transform says:
Transforms are always involved in the
setup of custom index-time field
extractions.
Can s...
10-23-2021
02:27 PM
...ata and the .tsidx files is made. How are the .tsidx files formed from the event data? When I look at the data models object hierarchy in settings I see the fields that it e...
Labels
- Labels:
-
field extraction
-
tstats
10-02-2016
06:35 PM
It seems that it is best to create fields at search time as opposed to index time.!?!? I need to make a field named src be copied/renamed to source_ip. We need to do this to simplify our searches a...
- Tags:
- splunk-enterprise
03-20-2018
09:00 AM
07-17-2018
06:44 AM
1 Karma
I am working with a custom application that generates log files and I think I need to create a new source type and then during the indexing phase extract the fields.
I know that they say t...
- Tags:
- splunk-enterprise
11-13-2011
09:44 PM
Hi All,
We have some indexes that have suddenly stopped indexing the custom fields we had configured on our logs.
There were some changes made to create a new deployment app at the time the p...
- Tags:
- field-extraction
05-21-2017
05:53 PM
...ith any events created by any inputs that use my TA.
I've read the "Create custom fields at index time" Docs page (http://docs.splunk.com/Documentation/Splunk/latest/Data/Configureindex-time...
