|
There seems to be a bug in the interactive field extractor regarding the naming of fields. If copy-pasting a regex (crafted through However, there is nothing stopping you from saving a field extraction which has the default Couldn't the same error checking be applied here, since this is a more likely scenario than the copy/paste variant? This was tested on Splunk 4.3.1 (win-64), and neither the Changelog nor Known Issues for 4.3.2 mention this. Best regards, Kristian |
|
Thanks for submitting this issue Kristian. I just wanted to add that I originally found this problem on Ubuntu Server 12.04 LTS 64 bit. I think it was a sort of happy accident that I discovered this after trying your suggestion to help fix my non-working extraction. The reality is that this is probably happening to a lot of people. I wouldn't think that using the IFX tool and naming extractions with hyphens is terribly uncommon. Regards, -Dan |
