Use a search-time field extractions with a field transform component when you need to: These search-time field extractions are called transform field extractions and can be defined and managed through the Field transforms page. While you can define most search-time field extractions entirely within nf or the Field extractions page in Splunk Web, some advanced search-time field extractions require a nf component called a field transform. ![]() Why set up a field transform for a field extraction? Navigate to the Field transformations page by selecting Settings > Fields > Field transformations. Define or update the field transform format.Update its regular expression and change the key the regular expression applies to.If you have "write" permissions for a particular field transform, the Field transformations page enables you to: For more information about deleting knowledge objects, see Disable or delete knowledge objects in this manual. Default knowledge objects cannot be deleted. Delete field transforms, if your app-level permissions enable you to do so, and if they are not default field transforms that were delivered with the product. ![]() You can only update field transform permissions if you own the transform, or if your role's permissions enable you to do so. Field transforms created through the Field transformations page are initially only available to their creators until they are shared with others. Update permissions for field transforms.For more information about situations that call for the use of field transforms, see "When to use the Field transformations page," below. Create new search-time field transforms. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |