In the interactive fieldextractor (Splunk 6.2), on the first step - "SelectFields", it's not displaying all lines in the event, and I can't scroll down. The field I need to extract is further down....
Below is my data. I have used very simple "Example values for a field" like, 23 or 1.27, or msec or threads.
The response back never properly defines the named objects. Goal is to be able to r...
What is the "safe" character set to use for field names, especially in lookups? By "safe" I mean "no need to quote-escape in a search." I know [a-zA-Z0-9_] works--is there anything else? Periods a...
...e the first 200 characters or so and I can't select the field.
Any ideas on a configuration change to Splunk that allows me to extract fields from raw data that is so large, and/or how to g...
I can't understand when to use regex and when to use delimiter
-Regex
Use this option when your event contains unstructured data like a system log file
-Delimiter
Use this option when your ...
...plunk. I have been trying to generate a report using a Splunk search query to retrieve the fields and data that I need for my report. I have some basic fields like Index, host sourcetype.... but it is n...
Hi everyone, I'm having trouble applying the following fields transformation — it's not "parsing" during search time. The regex works fine, it's parsing VALUE, so for example, CODE=22344, but n...
I want to extract fields from my log files. Therefore I used the interactive fieldextractor. A regex was created, I tested and stored it and gave permissions to the search app.
When I enter the s...
Hey guys,
I am looking through a very very very large log of files for events. In the normal search screen, you can specify date ranges for your search, but in the field extraction screen, I c...