Hi
I am receiving data through a UF from a script running on an HPUX server. The format of the data is as follows.
group=NAME1 group_id=ID1 group_mem=MEMBER1,MEMBER2,MEMBER3,MEMBER4
There are no specific field extractions in place. When the data gets into Splunk, the automatic field extractions give me fields like this.
group = NAME1
group_id = ID1
group_mem - MEMBER1
The items MEMBER2-4, although appearing in the raw record, are not being extracted to a field.
I am also not clear on where the auto extractions are taking place: on the UF, the Indexer, or at search time.
Can anyone point me in the right direction?
Thanks