My XML is as follows:
<row>
<Id>1</Id>
<PostId>7</PostId>
<UserId>2</UserId>
<VoteTypeId>2</VoteTypeId>
<CreationDate>2009-11-06T02:22:37.063</CreationDate>
<TargetUserId>7</TargetUserId>
<TargetRepChange>10</TargetRepChange>
<IPAddress>64.127.105.60</IPAddress>
</row>
<row>
<Id>2</Id>
<PostId>6</PostId>
<UserId>2</UserId>
<VoteTypeId>2</VoteTypeId>
<CreationDate>2009-11-06T02:22:38.25</CreationDate>
<TargetUserId>31</TargetUserId>
<TargetRepChange>10</TargetRepChange>
<IPAddress>64.127.105.61</IPAddress>
</row>
Splunk labels the columns as row.id, row.IPAddress, etc.
Is there a way to have the fields indexed in splunk without the "row." prefix. I've looked at FIELDALIAS and some other items but they don't do what I'm seeking.
Any help will be greatly appreciated.
Thanks in advance.
Scott
... View more