Configure indexed field extraction
Splunk software extracts various fields at index time. You can configure and modify how the software performs this field extraction.
Splunk software can extract the following fields at index time:
- Default fields
- Custom fields
- File header fields
Splunk software always extracts a set of default fields for each event. You can configure it to extract custom fields and, for some data, file header fields.
For more information on indexed field extraction, see the Configure indexed field extraction chapter.
Configure event timestamps | Anonymize data |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!