Hi I am new here and I have an issue which is unsolvable for me. I hope some of you can help me. The result of my Splunk search looks like the following: 2016-06-24 14:42:29,892 ERROR: eventId=3, incoming="{"eventId":5,"gameId":1,"networkId":1,"instanceId":1,"zoneId":1,"playerId":"123","date":14...}", transformed="null",.... Now I want to get access to the fields in the incoming field so that I can search the data later with R. For this reason, I need something like: extract pairdelim="," kvdelim=":" , but I have absolutely no idea how I can do that. Given that I am not a Splunk expert, it would be great if you can formulate your answer simple and understandable. Thank you in advance for your help, and let me know if you need further information! ... View more