Hi snehalapatil
There are two ways to achieve that: index-time or search-time field extraction. About index-time extraction, you can read more here: http://www.splunk.com/base/Documentation/latest/Admin/Configureindex-timefieldextraction
But as many answers state, index-time field extraction is not the best thing to do:
In general, we recommend search-time extractions rather than index-time extractions. There are relatively few cases where index-time extractions are better, and they come at the cost of brittleness of configuration and an increase in index size (which in turn makes searches slower).
This means you had better use search-time field extraction, and here is a good source on that topic:
http://www.splunk.com/base/Documentation/latest/Knowledge/Createandmaintainsearch-timefieldextractionsthroughconfigurationfiles#First.2C_define_a_field_transform
Regards