About tamir

tamir · ‎03-18-2024

@isoutamo hey thanks for the replay. I've been trying to create the following two you shared, but somehow i still don't see the the field in the field section I'm sharing the process I've taking. let me know if I'm missing something.

tamir · ‎03-13-2024

@richgalloway thanks for replay the | rex is working as it should the problem start when I'm trying to save the Regex. and this is cause by the fact i need to save the regex from the "source" field and no from the "_raw" field. The main goal is to add another field in all searches without using the | rex command every time.

tamir · ‎03-13-2024

hey @gcusello thanks for your replay. It seems like the capture do not capture any of the fields i needed, I've tried to save it an even to play a bit with the syntax. but still no success.

tamir · ‎03-12-2024

hey guys did someone ever happed to come through this problem. I'm using Splunk Cloud I'm trying to extract a new field using regex but the data are under the source filed | rex field=source "Snowflake\/(?<folder>[^\/]+)" this is the regex I'm using when i use it in the search it works perfect. but the main goal is to save this search as a permanent field. i know that the the field extraction draw from the "_raw" there is an option to direct the Cloud to pull from the source and save it a permanent field.

Posts	4
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎01-31-2024

Online Status	Offline
Date Last Visited	‎03-18-2024 01:40 PM

regex field extraction not from _raw

Re: regex field extraction not from _raw

Re: regex field extraction not from _raw

Re: regex field extraction not from _raw

regex field extraction not from _raw