Contenu
This three-hour course is for knowledge managers who want to learn about field extraction and the Field Extractor (FX) utility. Topics will cover when certain fields are extracted and how to use the FX to create regex and delimited field extractions.
Certifications
Cette formation prépare à la/aux certifications:
Pré-requis
To be successful, students should have a solid understanding of the following:
- How Splunk works
- Knowledge objects
Objectifs
- Using the Field Extractor
- Creating Regex Field Extractions
- Creating Delimited Field Extractions
Outline: Creating Field Extractions (CFE)
Topic 1 - Using the Field Extractor
- Understand types of extracted fields and when they are extracted
- Explore the Splunk Web Field Extractor (FX)
Topic 2 - Creating Regex Field Extractions
- Identify basics of regular expressions (regex)
- Understand the regex field extraction workflow
- Edit regex for field extractions
Topic 3 - Creating Delimited Field Extractions
- Identify delimited field values in event data
- Understand the delimited field extraction workflow