×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
apare
Engager
Member since: ‎01-31-2012
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎01-31-2012
Activity Feed
Topics I've Started
View All

Re: Can't load my custom fields

by in Getting Data In
‎02-06-2012 07:23 AM
‎02-06-2012 07:23 AM
Thank you there is my new props.conf [ces_index_log] EXTRACT-ces_index_log = (? \d*)|(? \w*)|(? \d{4}-\d{2}-\d{2})|(? \d{2}:\d{2}:\d{2})|(? \d*)|(? [^|])|(? [^|] )|(? [^|])|(? [^|] )|(? [^|])|(? [^|] )|(? \d*)|(? [^|])|(? [^|] )|(? [^|])|(? [^|] )|(? \d*)|(? \d*)|(? [^|]*) ... View more

Can't load my custom fields

by in Getting Data In
‎02-03-2012 11:29 AM
‎02-03-2012 11:29 AM
I try to index my logs with a custom Source type. Here is my files : Log file exemple : #HeaderKey1: header value 1 #HeaderKey2: header value 2 id|severity|date|time|duration|description|uri|operation|collection|lang|format|size|source|errorcode|links|badlinks|collectionid|sourceid|printableuri ... transforms.conf : [my_log] DELIMS="|" FIELDS = "id", "severity", "date", "time", "duration", "description", "uri", "operation", "collection", "lang", "format", "size", "source", "errorcode", "links", "badlinks", "collectionid", "sourceid", "printableuri" [my_log_comment] REGEX = ^# DEST_KEY = queue FORMAT = nullQueue props.conf : [my_log] EXTRACT-my_log = my_log_comment, my_log The result is that all the line are indexed (header include) and the only field i got is _raw... I do not care about the information in the header; I don't want to index it or to take information from it. I only want to have all my log with all the fields. What is wrong in my configuration? What i should do to index my custom log file correctly thank you ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All