How to query extracted field using SplunkJS

AshChakor · ‎04-23-2019

Hi I have extracted few fields using Regex from logs in Splunk. I can do search on those fields successfully in Splunk WebUI. I want to use the same queries uisng SplunkJS in my Webapp. Every time I add the extracted fields in the SearchManager's search query on my page, I get No result found.
How can I resolve this issue and continue to use SplunkJS in my webapp?

AshChakor · ‎04-25-2019

Ok I found a work around for this. I used regex expression to extract fields and its producing the same output just as in splunkUI with extracted or transformed fields.
Splunk UI Extracted field : EXTRACT-TransUID Inline ^[^[\n]*[(?P[^]]+)

SplunkUI search: index="myindex" host="myhost" | transaction TransUID

When I used the above search in my webapplication uisng SplunkJS, it wouldn't work.
So I used regex as below in the search and its working just as it did in SplunkUI
'index="myindex" host="myhost" | rex field=_raw "^[^[\n]*\[(?P<TransUIDTest>[^]]+)" | transaction TransUIDTest'

How to query extracted field using SplunkJS

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

How to query extracted field using SplunkJS

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits