Hi,
I have created fields from the raw data successfully. However, now I need to extract a portion of the source data (which I imported manually into my Splunk running on a Mac) and create one field.
My source data are actually multiple files that contain logs, and the machine identifier is in the source path.
Example:
splunk_data.zip:./var/www/temp/GetOnline/CG1111/MD/LOG.TXT
splunk_data.zip:./var/www/temp/GetOnline/UV5015/MD/LOG.TXT
The correct regex to extract the machine name would be: (?<=ne\/).*?(?=\/MD)
I have tried all possible answers from that forum and I could not create a field that would include all my machine names.
I was wondering if you guys can shed some light here?
Thanks.