Reputation: 1508
Splunk: How to extract fields directly in search bar without having to use regular expressions?
I find it very hard to use regular expressions directly in the search bar to extract fields. Another problem is that I do not have the permission to share my extracted fields (extracted by the field extractor and stated in field extractions) with other people. I am now looking for another way to extract fields directly in the search bar. Is there something like this possible in Splunk?
Thanks!
Upvotes: 0
Views: 788
Answers (1)
Reputation: 9926
Regular expressions aren't so bad once you've had some practice. Think of them as another programming language to know.
There are other ways to extract fields, but most are less efficient and all are less flexible.
The spath and xpath commands will extract fields from JSON and XML, respectively.
multikv extracts fields from table-formatted data (like from top).
The extract command can be used to parse key/value pairs into fields.
The eval command can be used in combination with various functions to parse events into fields.
Upvotes: 1
Related Questions
- How to extract the data present in {} in Splunk Search
- Splunk: How to extract a field containing spaces
- How to extract a field from a Splunk search result and do stats on the value of that field
- Splunk Streamlined search for specific fields only
- How to modify regular expressions so that it extracts same fields of both fields?
- Splunk: How to extract field directly in Search command using regular expressions?
- Splunk - regex extract fields from source
- Splunk extracted field in dashboard
- Extracting certain fields from Splunk query results
- Splunk: how to extract fields using regular expressions? like rex in splunk search