Hello, I am a n00bie in Splunk.
So I needed some information from unstructured .log file.
I added the data through the web interface, and then used field extraction to get some fields I wanted to get.
Now, I have UNSTRUC_LOG: EXTRACT- FIRST in Field extractions list.

UNSTRUC_LOG: EXTRACT- FIRST Inline ^\d+/\d+/\d+\s+\d+:\d+:\d+\s+\w+:\s+\w+/\w+\s+\w+/\w+\s+\w+/\w+\s+\w+/\w+\s+\w+/\w+\s+\w+/\w+\s+\w+-\w+\s+\w+-\w+\s+\w+\s+\w+\s+%\w+\s+\w+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+(?P<await_svctm_sdb>\d+.\d+\s+\d+.\d+)\s+\d+.\d+\s+\w+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+(?P<await_svctm_sdc>\d+.\d+\s+\d+.\d+)\s+\d+.\d+\s+\w+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+(?P<await_svctm_sda>\d+.\d+\s+\d+.\d+)\s+\d+.\d+\s+\w+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+(?P<await_svctm_sdd>\d+.\d+\s+\d+.\d+)\s+\d+.\d+\s+\w+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+\d+.\d+\s+(?P<await_svctm_sde>\d+.\d+\s+\d+.\d+)

How can I manipulate / edit the fields I extracted ?
Do I use |inputlookup?

I would appreciate any input from you guys.

Jack