Field extraction appears to be restricted to Host, Source or sourcetype - I have multiple web servers, and even web services running on the same server - but they all generate different sourcetypes.
Currently I create a Field Extraction per source, but want to know if I can make this more generic and use it across any IIS log. All the logs are given different sourcetype names, to differentiate at search level.
has anyone used the Splunk app for web Intelligence? would this assist?
... View more