×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
kylexhourihan
Engager
Member since: ‎12-17-2012
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎12-17-2012
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Extracting fields

by in Splunk Search
‎12-26-2012 10:14 AM
‎12-26-2012 10:14 AM
Thanks Kyle, I have tried this method, however it does not produce the results I was hoping for with indexing the data. I set up a field extraction with this reg ex to remove the hostnames in a search. index=nginx sourcetype="Nginx" host="" | rex "(?i)^(?:[^ ] ){3}(?P [^ ]+)" | top 50 FIELDNAME. This appears to work however I would like to extract the correct fields before the data is indexed ? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All