The syslog data from our Barracuda EMSG is being ingested into Splunk, but I'm having trouble extracting fields from the data. I'm using the regular expression builder; however, not all of the data is in the same "format" and I can't define all the fields. Am I missing something here? I've searched the answers and can't find anything related to this.
In Splunk 6.1, do you have to specify an index in the search line to have results pulled back? E.g., when searching for syslogs stored on the indexer, typing in sourcetype="syslog" would not bring back the complete results. I found that specifying the index would bring back the results. Index=* Sourcetype="syslog" brought back all the syslogs. Typing in (sourcetype="syslog") by itself would not yield much.