Hi Splunkers! Im running a very simple query to get the subject of all the emails we are getting. Something like this: index=o365_email_data |table Subject Results look like this: Subject Ticket ID: INC3333333 - Prio: 1 - High- "Description of the Incident" - has been updated Ticket ID: INC1111111 - Prio: 4 - Low- "Description of the Incident" - has been resolved Ticket ID: INC2222222 - Prio: 3 - Normal - "Description of the Incident" - has been created What I would like to accomplish is to be able to parse certain parts of that Subject and fill a table like this: Ticket Priority Description Status INC3333333 High Description of the Incident updated INC1111111 Low Description of the Incident resolved INC2222222 Normal Description of the Incident created This resembles a lot like the "Text to Column" function in Excel. Im completely lost on how I can achieve this. Many thanks!
... View more