Hi Splunk gurus,
I am new to Splunk and having some difficulty with a search time field extraction.
This is a sample log I would like to parse. (FIX log)
20181009-14:55:41.450 : 8=FIX.4.29=6435=034=295849=BLAH4252=20181009-14:55:41.44556=BLAH4210=115
Inputs.conf
[default]
host = ..servername..
index = ..blah..
[monitor://D:\test\FIX\fix2.log]
sourcetype = test-fix-logs2
transforms.conf
[test1]
REGEX = 8=(?P<tag_8>[^,]*?)\cA
FORMAT = tag_8::$1
[test2]
REGEX = \cA9=(?P<tag_9>[^,]*?)\cA
FORMAT = tag_9::$1
props.conf
[test-fix-logs2]
REPORT-class1 = test1
REPORT-class2 = test2
I have spent a few hours, but I couldn't find what could be potentially wrong as I don't see those two fields ('tag_8' & 'tag_9') in the search result in Splunk Web.
Can anyone please advise?
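An added check that is not part of the original post: the two transforms.conf regexes above rely on the FIX field delimiter SOH (byte 0x01, which PCRE writes as \cA). The sample line as pasted shows no delimiters between the tag=value pairs, which is what happens when control characters are lost in copy/paste, so a quick way to see whether the regexes can match at all is to run them over a delimited and an undelimited form of the same message. The script below does that in Python with \cA rewritten as \x01 (Python's re module has no \c escape); the sample message is reconstructed from the post with SOH restored, and the "test1"/"test2" names mirror the stanzas in the post.

```python
import re

SOH = "\x01"  # FIX field delimiter; PCRE's \cA, Python's \x01

# Constructed sample: the event from the post with the SOH delimiters
# restored between tag=value pairs (the pasted line shows them stripped).
SAMPLE_EVENT = "20181009-14:55:41.450 : " + SOH.join([
    "8=FIX.4.2", "9=64", "35=0", "34=2958", "49=BLAH42",
    "52=20181009-14:55:41.445", "56=BLAH42", "10=115",
]) + SOH

# The same event as it appears in the post, with every SOH gone.
SAMPLE_STRIPPED = SAMPLE_EVENT.replace(SOH, "")

# The transforms.conf regexes from the post, with \cA written as \x01.
TRANSFORMS = {
    "test1": r"8=(?P<tag_8>[^,]*?)\x01",
    "test2": r"\x019=(?P<tag_9>[^,]*?)\x01",
}


def splunk_style_extract(event: str) -> dict:
    """Apply each transform regex once, as a REPORT- stanza would at search
    time, and return the named capture groups that matched."""
    fields = {}
    for regex in TRANSFORMS.values():
        match = re.search(regex, event)
        if match:
            fields.update(match.groupdict())
    return fields


def parse_fix(event: str) -> dict:
    """Generic tag=value parse of a SOH-delimited FIX message, returning
    every tag as tag_<n>. The ' : ' separator from the log line is used to
    drop the logger's timestamp prefix if it is present."""
    _, sep, body = event.partition(" : ")
    if not sep:
        body = event
    fields = {}
    for pair in body.split(SOH):
        if not pair:
            continue
        tag, _, value = pair.partition("=")
        fields[f"tag_{tag}"] = value
    return fields


if __name__ == "__main__":
    print("delimited:", splunk_style_extract(SAMPLE_EVENT))
    print("stripped: ", splunk_style_extract(SAMPLE_STRIPPED))
    print("all tags: ", parse_fix(SAMPLE_EVENT))
```

On the delimited event both regexes match (tag_8 = FIX.4.2, tag_9 = 64) and the generic parser returns every tag; on the stripped event neither regex matches, because there is no 0x01 byte for \cA to consume. So before looking further at props.conf, confirm that the raw events Splunk indexed from fix2.log still contain the 0x01 delimiter; if the file or an upstream logger writes the pairs without it, the regexes need a different terminator.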