In Splunk Web, you can define field extractions on the Settings > Fields > Field Extractions page. See About fields in the Knowledge Manager Manual. The following sections describe how to extract fields using regular expressions and commands. The rex command performs field extractions using named groups in Perl regular expressions that you include in the search criteria. It matches segments of your raw events with the regular expression and saves the matched values into a field. In this example, values that occur after the strings From: and To: are saved into the from and to fields.
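The following is an added illustration, not code from the original page or from Splunk: a small Python emulation of the named-group extraction described above, useful for checking a rex pattern against sample events offline and for spotting events that silently yield no fields. The sample events, the pattern and the helper names (compile_rex, rex, unextracted) are assumptions, and Python's re module is used in place of Splunk's Perl-compatible engine.

```python
import re

# Constructed sample events (not from the original page); the log format is an assumption.
EVENTS = [
    "Mar  3 10:01:12 mail01 sendmail[4121]: From: alice@example.com To: bob@example.org",
    "Mar  3 10:01:15 mail01 sendmail[4122]: From: carol@example.com To: dave@example.net size=2048",
    "Mar  3 10:02:40 mail01 sendmail[4130]: connection closed by peer",
]

# Hypothetical pattern, written with Perl-style named groups as it would be given to rex.
REX_PATTERN = r"From: (?<from>\S+) To: (?<to>\S+)"


def compile_rex(pattern):
    """Translate Perl-style (?<name>...) groups to Python's (?P<name>...) and compile.

    Lookbehinds, (?<= and (?<!, are left untouched.
    """
    return re.compile(re.sub(r"\(\?<(?![=!])", "(?P<", pattern))


def rex(events, pattern):
    """Emulate rex on raw events: every event is kept; matches add one field per named group."""
    regex = compile_rex(pattern)
    results = []
    for raw in events:
        fields = {"_raw": raw}
        match = regex.search(raw)  # unanchored search, first match only
        if match:
            fields.update({k: v for k, v in match.groupdict().items() if v is not None})
        results.append(fields)
    return results


def unextracted(results, required=("from", "to")):
    """Return the raw events missing any required field, so extraction gaps are visible."""
    return [r["_raw"] for r in results if any(f not in r for f in required)]


if __name__ == "__main__":
    rows = rex(EVENTS, REX_PATTERN)
    for row in rows:
        print(row.get("from"), row.get("to"), "|", row["_raw"])
    print("no fields extracted:", unextracted(rows))
```

Events that do not match are passed through without the from and to fields rather than dropped, so a search or detection that filters on those fields will skip them without any error.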