Hello,
I am using Splunk Light to create a proof of concept with Splunk.
I have imported a .csv file. One of the columns has a "message".
The message sometimes contains an ActivityID.
The ActivityID has three inconsistent shapes:
1. ActivityID: 00000000-0000-0000-0000-000000000000
2. ActivityID 00000000-0000-0000-0000-000000000000
3. activityid_00000000-0000-0000-0000-000000000000
I want to extract the field based on the above.
I succeeded to extract the first one. When I add the second one, it fails to do so and throws an error.
I tried to create two different definitions with the same name. The seconds one fails because ActivityID already exists.
What are your recommendations?
... View more