Creating Field Extractions is a Splunk Education course that teaches how to enrich raw machine data by extracting meaningful fields at search time and index time.
What You Will Learn
- Use the Interactive Field Extractor (IFX) to create field extractions from sample events
- Write regular expressions to extract fields from complex or custom log formats
- Configure index-time versus search-time field extractions and understand the tradeoffs
- Create field aliases, calculated fields, and lookups to enrich extracted data
- Manage and troubleshoot field extraction configurations in props.conf and transforms.conf
Who Should Attend
Splunk power users, knowledge managers, and Splunk administrators who work with custom or non-standard log formats.
Prerequisites
Familiarity with Splunk search fundamentals and basic knowledge of regular expressions are recommended.




