The field extractor
In all of the examples in this topic, we use fields that have been set up automatically or
previously set up. One of the primary advantages of Splunk is that it can easily recognize
many types of fields. Users can also use the field extractor if they want to set
up fields in a certain way. To access it, click > next to an event, then
click Event Actions, as shown in the following screenshot. If you then click Extract
Fields, you can choose how you would like to pull out fields from the events. This gets
complicated quickly, though, and for that reason is beyond the scope of this topic. For a
discussion of regular expressions, go to
http://docs.splunk.com/Documentation/Splunk/6.2.1/Knowledge/AboutSplunkregularexpressions.
We'll go on to learn how to create reports instead:
Event Actions