I am a novice, experimenting with a free version of Splunk, and I have a twitter feed in a text file. A part of it looks like :
Name: The Last Word
Screen Name: TheLastWord
Text: .@lawrence anchors from LA tonight where it's in the 60s. In NYC, it's in the 30s and is supposed to snow. #luckyguy #lastword
Created At: Mon Mar 25 18:23:26 +0000 2013
Source: web
Id: 316254010745188352
(I do not have sourcetype : twitter in my version, so I had to make a new sourcetype).
Now I realize that the regex to extract hashtags is : #[^#\s]*\s , but how do I get splunk to create a new field called hashtag, so that I can report of top hashtags etc ?
Thanks !
... View more