Splunk® Enterprise

Knowledge Manager Manual


Splunk Enterprise version 6.x is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk.

Field Extractor: Select Sourcetype step

In the Select Sourcetype step of the field extractor, select a source type for the field extraction. All field extractions defined by the field extractor utility are tied to a source type.

Note: When you enter the field extractor after you run a search, the set of source types that you can choose from is limited to those discovered in the results returned by the search. To get the full set of source types in your Splunk Enterprise instance, go to the Field Extractions page in Settings.

1. Choose a Source type for your field extraction.

2. Click Next to go to the Select Sample step.

This screenshot is an example of the source type listing you see when you enter the field extractor from the Field extractions page in Settings.


Select Sourcetype step omission conditions

The field extractor bypasses the Select Sourcetype step when you define a source type before you enter the field extractor. This can happen when you enter the field extractor:

Last modified on 23 May, 2015

This documentation applies to the following versions of Splunk® Enterprise: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15
