[edit - a workaround was found in the comments]
Hello,
We are trying to export VMware inventory to Splunk. A raw Splunk event looks like this:
VM="Template Debian 9", Powerstate="poweredOn", IP Address="100.100.100.100", Cluster="My Cluster Name", VM ID="12345", ... etc.
Splunk extracts all fields without spaces in the field name perfectly well, like VM, Cluster, Powerstate, etc. But it can't extract the fields with spaces, like IP Address, VM ID, etc.; they are visible only in the raw data, not as fields.
We tried to use a rex command like this one:
rex field="IP Address" mode=sed "s/ /_/g"
but we didn't succeed.
Do you have any idea how we could extract these fields?
Thanks for the help.