I need to extract the field clientBizId from splunk events. For my application, log events are not indexed properly (see attachment). If I build a regular expression to extract the value of clientBizId, sometimes it may not work properly because of indexing.
Here I have two options.
1. Correct splunk forwarder or something else to index logs correctly. (I have no idea how to fix it)
2. a right approach to log clientBizId with value, so that it can be easily extracted and works in any case.
I need help on option 2. If I log something like "clientBizId=GMS_USA_company", does it work?
Regards,
Naveen
... View more