Given I have some input with a bunch of fields that are not automatically extracted and I used the Field Extractor in the web interface to label the fields and I've ticked the box to select the fields I want to display.
Now that I've done that configuration, how can I take that configuration and share it with folks at other companies who also use Splunk to ingest the same data? What I think I mean is, "how can I create a sourcetype for my data?"
I understand I could write my own regexes and put them in props.conf, but if I can use the UI to do the hard part, why not? Right?
And I'm sure I'm a little ahead of myself here, but my end goal would be to put this in an app to share with other Splunk users that way. Just in case there's anything else that I should consider here with that goal in mind.
Thanks for any help.
This question seems pretty basic, I know, but I'm such a n00b with Splunk I'm not really sure how to ask it.
... View more