field extractor

noun

A Splunk Enterprise utility that helps you to dynamically create custom fields. First, you highlight portions of a sample event that should be extracted as fields. Then the field extractor generates a regular expression that extracts those fields from similar events. You can validate the extraction results and improve extraction accuracy by removing false-positive matches. The field extractor can build only search-time field extractions that are associated with specific source types.

For more information

In the Knowledge Manager Manual:

*
W