Hello
I'm attempting to extract multiple fields at a time from eloquence db fwaudit logs, an example of which is below:
timestamp: 2016-12-08 12:04:38
ORDER-NO : +XXXX
CUST-NO : X
-CC-DOLLARS : XXX
+CC-DOLLARS : XXX
CREDIT-CARD-NO : "X"
CC-EXPIRE-DATE : "X"
ORDER-DATE : +XXXXXX
BILLING-TYPE : "X"
BILL-ISSUE-NO : "\000\000"
POSTED-DATE : +XXXXXX
POSTED-TIME : +XXXXXX
BILL-DATE : +XXXXX
I have tried field extraction through the Splunk Web wizards, both the regular expression and delimiters options. But the problem with that is you have to define the fields, whereas with this there are multiple fields at a time (I'd want to extract whatever fields have "+" and "-" at the beginning) and the fields themselves can vary from log to log.
I have installed Splunk Common Information Model (CIM) hoping that may help, but no luck; there is also no existing Eloquence app, which I hoped would help with field extraction.
Any suggestions I can work from? Thanks
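A worked example of the extraction the question describes, added here and not part of the original post: it parses one record into whatever name/value pairs it contains (no field list defined up front) and then selects the pairs whose name or value begins with "+" or "-". The sample record and its values are constructed (the real ones were masked as X), and treating -NAME / +NAME as the old and new value of one column is an assumption.

```python
import re

# Constructed sample record in the shape of the fwaudit excerpt in the question
# (values invented; the real log had them masked as X).
SAMPLE = r"""timestamp: 2016-12-08 12:04:38
ORDER-NO : +1234
CUST-NO : 7
-CC-DOLLARS : 100
+CC-DOLLARS : 150
CREDIT-CARD-NO : "X"
CC-EXPIRE-DATE : "X"
ORDER-DATE : +161208
BILLING-TYPE : "V"
BILL-ISSUE-NO : "\000\000"
POSTED-DATE : +161208
POSTED-TIME : +120438
BILL-DATE : +16120
"""

# One "NAME : VALUE" line. The name may start with + or -, the separator is a
# colon with optional spaces, the value runs to end of line (quotes stripped
# below). Anchored per line so a colon inside a value cannot split the pair.
LINE_RE = re.compile(r'^(?P<name>[+-]?[A-Za-z0-9][A-Za-z0-9-]*)\s*:\s*(?P<value>.*?)\s*$')

def parse_record(text):
    """Map every key/value line of one record to {name: value}; the names are
    not known in advance, so whatever the record contains is returned."""
    fields = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            fields[m.group('name')] = m.group('value').strip('"')
    return fields

def prefixed_fields(fields):
    """Keep only what the question asks for: pairs whose name or value
    begins with '+' or '-'."""
    return {k: v for k, v in fields.items() if k[0] in '+-' or v[:1] in ('+', '-')}

def before_after(fields):
    """Pair '-NAME' with '+NAME' as {NAME: (old, new)}. That -/+ marks the old
    and new image of a changed column is an assumption, not stated in the post."""
    pairs = {}
    for name, value in fields.items():
        if name[0] in '+-':
            old, new = pairs.get(name[1:], (None, None))
            pairs[name[1:]] = (value, new) if name[0] == '-' else (old, value)
    return pairs

if __name__ == '__main__':
    for k, v in prefixed_fields(parse_record(SAMPLE)).items():
        print(f'{k} = {v}')
```

The regex is the reusable part: the same name/value capture can be applied in Splunk with `rex max_match=0` (prefixed with `(?m)` so `^` and `$` match per line) to get multivalue name and value fields without listing the field names in advance.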