I have been facing this problem since the very beginning. By default, fields are being extracted using the delimiter '='.
For example, if an event contains the equals symbol "=" in its raw text, the left side of it will be considered the field name and the right part will be treated as the field value.
Does this come with the default Splunk settings? If so, how can I manually disable this?
How can I avoid seeing these unwanted fields being extracted?
I know we can easily avoid this with All fields ==> Coverage 1% or more. But I still see fields whose coverage is 100%.
Can somebody help me with this? Thanks.