Hello Everyone,
I had a quick question about Field Extraction and replication (copying) the specific field extraction setup to a different Splunk Environment.
Scenario:
We currently have a sandbox with a Splunk environment and I was testing getting field extraction to work correctly with a specific set of logs. I copied the logs to the sandbox, and was able to successfully get the field extraction for this specific log working correctly.
I tried to copy the .conf files (specifically the props.conf and the inputs.conf) which detailed this specific Field Extraction to our real PRODUCTION Splunk environment, to see if I could get the new field extractions to display.
HOWEVER, on search-time the field extractions refuse to come up in the search-head and I am unsure why.
If anyone could offer any assistance, it would be greatly appreciated!
Thanks,
--Asif Ahmad
... View more