Hi, I have data in the following format:
1,20181030154237,XYZ/ABC - Something Anything,2018-10-30 15:42:37,2018-10-30 16:42:37,Success,n/a,XYZ/ABC - Something Anything,n/a,n/a,100000,0,gdd0t22_abc_xyz_cmpgn_summ_t
I am trying to extract like below:
field1 field2 field3 field 4..... so on
1 20181030154237 XYZ/ABC - Something Anything 2018-10-30 15:42:37
I don't want to write 13 regexes to extract the data. Can anyone help?
You can do search-time field extractions pretty easily since all the fields are comma-separated. Go to Settings --> Fields --> Field transformations. Follow the steps below.
First question, this seems to be comma-separated data. Doing indexed extractions would be a great way to start, I suppose.
transforms.conf
[sourcetype]
INDEXED_EXTRACTIONS=csv
FIELD_NAMES=field1,field2,field3.... so on
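The search-time, delimiter-based extraction suggested in the first answer, written out as configuration files instead of through the Settings UI. This is an added example, not part of either answer; the stanza name `csv_13_fields` and the sourcetype `my_csv_sourcetype` are hypothetical placeholders, and the field names follow the question's `field1` ... numbering for the 13 comma-separated values in the sample event.

```ini
# transforms.conf
# Delimiter-based extraction: split each event on commas and assign
# the resulting values to the listed field names, in order.
# "csv_13_fields" is a placeholder stanza name.
[csv_13_fields]
DELIMS = ","
FIELDS = "field1","field2","field3","field4","field5","field6","field7","field8","field9","field10","field11","field12","field13"

# props.conf
# Attach the transform to the sourcetype at search time.
# "my_csv_sourcetype" is a placeholder; use the sourcetype of the data.
[my_csv_sourcetype]
REPORT-csv_13_fields = csv_13_fields
```

Because this runs at search time, it applies to events that are already indexed, and a single transform replaces the 13 separate regexes mentioned in the question.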