Sample Log File
2013-10-31|2013-10-31 00:00:00|serv1|ws1|Mozilla|p1=1,p2=2,p3=3|hash1||method1|id||2.01
2013-11-01|2013-10-31 00:00:00|serv1|ws2|Chrome|p1=55,p2=432,p3=3|hash2||method2|id||3.31
2013-10-03|2013-10-31 00:00:00|serv1|ws3|Explorer|p1=34,p2=434434,p3=555555|hash3||method3|id||4.41
Question
The log fields are fixed and there is a delimiter '|' between them.
I want Splunk to automatically parse the data rows into fields.
I added these attributes to prop.conf:
DELIMS = "|"
FIELDS = "date"|"datetime"|"service"|"ws"|"browser"|"params"|"gui"|"empty"|"method"|"id"|"status"|"ver"
Why don't I see those fields on the Selected/Interesting Fields list?
What am I missing?
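Added example, not part of the original post: in Splunk, DELIMS and FIELDS are transforms.conf settings that props.conf references through a REPORT- line, and FIELDS is a comma-separated list. The stanza name pipe_delimited_fields and the sourcetype my_pipe_log are placeholders assumed for this sketch.

```ini
# transforms.conf
# "pipe_delimited_fields" is a placeholder stanza name chosen for this example.
[pipe_delimited_fields]
DELIMS = "|"
# One name per delimited position, separated by commas (12 positions in the sample rows).
FIELDS = "date","datetime","service","ws","browser","params","gui","empty","method","id","status","ver"

# props.conf
# "my_pipe_log" is a placeholder; use the sourcetype actually assigned to this log.
[my_pipe_log]
# Search-time extraction: points at the transforms.conf stanza above.
REPORT-pipe_delimited_fields = pipe_delimited_fields
```

These are search-time extractions, so both files belong on the search head, and the fields appear only for events whose sourcetype matches the props.conf stanza.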