Hi Everyone,
I am trying to extract fields from the multivalued Field which has the following
The parameters are usually separated by param="Value"
From the above text = GA_googleSetAdContentsBySlotForSync
Parameter = &callback
value = GA_googleSetAdContentsBySlotForSync
Parameter = &flash
value = 10.3.181.34
The text above is one field and this parameter extraction has to be done only to websites which are search engines ..
Is there a way to extract the field values even if it is not dynamic way of extraction?
GOT IT!!!
source="POC.txt" | regex Field2="google" | makemv delim="&" Field2
Did you look at all the fields, not just those shown on the left? Click Edit, and in the pop-up window that field should already be extracted as "correlator".
Splunk should automatically extract a value any time it sees a key=value. How it determines what are "interesting fields" I'm not sure.
Hi Mike , I dont this its so easy .
We would have to parse and cut the words between ¶m1="WORD"¶m2
Let me know if there is a way to do this.
Field2 that needs to be extracted is 1329033560.. can you please suggest the regex to derive this multi valued field?
I am new to splunk. Can you please tell how to achieve this? I am unable to find the search query using splunk
| eval Field2=substr(message, charindex(message, "&lmt="), charindex(message, "&dt="))
I have used some thing as above but charindex doesnt work.
here "message" is the Field which is been extracted during the data import.
I don't understand what's not working and how you would like things to work. Could you state your problem more clearly please?