TechQA.

Incorrect Extraction of fields in Splunk

210 views Asked by At

I tried to perform 'add extraction' in the Splunk on the following data :

Line 771927: ERR: N17739 Limit switch X- 30.05.2015 23:28:26.405

I want 'Line 771927: ERR:' as one field, 'ERR: N17739 Limit switch X-' as another one field, '30.05.2015' as another one field and '23:28:26.405' as last field.

When I tried to extract,this line worked perfect but the below line throws error:

Line 772014: ERR: N17738 Limit switch Y+ 30.05.2015 23:32:10.694

Though both the lines have same pattern, I am not able to extract second one.

Can anyone please help on this.

field extract splunk
Original Q&A
0

There are 0 answers

Related Questions in FIELD

Related Questions in EXTRACT

Related Questions in SPLUNK

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions