Description
Highlight some text and Splunk will automatically learn to extract your fields!
Field Extractor (requires Splunk 4.2 or later)
Teach Splunk to automatically extract fields from your data, by just highlighting text!
Versions and Release Notes
Version 1.01 (current version - updated Mar 15, 2012)
release notes:
*FIXED BUG PREVENTING APP FROM WORKING*
* All working now.
* Adds Workflow actions so you can go directly from an event to working on its sourcetype's field extractions
Version 0.997beta
(updated Jan 17, 2012)
release notes:
Fixes error when existing saved regexes are invalid.
Version 0.996beta
(updated Dec 15, 2011)
release notes:
Added workflow action to go from search results directly to the field extractor! Updated feedback link.
Version 0.995beta
(updated Dec 15, 2011)
release notes:
Now you can go directly to field extraction from an event with the addition of the "Extract Fields (new)" workflow action. When looking at search results on the Splunk search page, find a particular event you wish to extract fields from, and select the triangle of actions to the left of the event. You'll be jumped into the new Field Extractor interface, pre-filled with the sourcetype and index of your event.
Version 0.992beta
(updated Sep 01, 2011)
release notes:
fix problem with logins
Version 0.991beta
(updated Aug 26, 2011)
release notes:
Updated to prevent CSRF.
Version 0.99beta
(updated Jun 27, 2011)
release notes:
* preemptive patch on possible problem with older releases.
Version 0.98beta
(updated Jun 14, 2011)
release notes:
* remove old functionality causing error in options dialog
Version 0.97beta
(updated Jun 14, 2011)
release notes:
* Fixes an error with the options dialog
Version 0.96beta
(updated May 23, 2011)
release notes:
Fixed problem encountered when a fieldname starts with numbers.
Version 0.95beta
(updated May 16, 2011)
release notes:
Fixed problems on Windows that prevented field extraction.
Version 0.93beta
(updated Apr 28, 2011)
release notes:
* Fixed problem when default index was empty
* Added Feedback link.
Please give feedback!
Version 0.91beta
(updated Mar 28, 2011)
release notes:
Improvements
- more streamlined and intuitive workflow
- added app and index settings
- busy animated gif while page is reloading
- moved common options onto screen, out of options dialog.
- added ? icon with tooltip help
- added "result type": latest, diverse, or outliers, to better show sample events that cover more of the data.
Version 0.9beta
(updated Feb 17, 2011)
Using it at Interop and the instance of the new field extractor errored out:
Unable to initialize workflow information: [HTTP 404] https://127.0.0.1:8089/services/search/jobs/1336419940.1666; [{'text': 'Unknown sid.', 'code': None, 'type': 'FATAL'}])
Stacktrace: Traceback (most recent call last):
  File "<string>", line 383, in initInfoFromWorkflow
  File "/opt/splunk/lib/python2.7/site-packages/splunk/search/init.py", line 331, in getJob
    return SearchJob(sid, hostPath, sessionKey, message_level=message_level, status_fetch_timeout=status_fetch_timeout)
  File "/opt/splunk/lib/python2.7/site-packages/splunk/search/init.py", line 486, in init
    self._getStatus(True)
  File "/opt/splunk/lib/python2.7/site-packages/splunk/search/init.py", line 776, in _getStatus
    serverResponse, serverContent = rest.simpleRequest(uri, getargs=args, sessionKey=self.sessionKey, raiseAllErrors=True)
  File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/init.py", line 453, in simpleRequest
    raise splunk.ResourceNotFound(uri, extendedMessages=extractMessages(body))
ResourceNotFound: [HTTP 404] https://127.0.0.1:8089/services/search/jobs/1336419940.1666; [{'text': 'Unknown sid.', 'code': None, 'type': 'FATAL'}]
"restrict extractions to host" =
I'd love to be able to start typing an IP address and it would fill in OR if they were in numerical or alphabetical order. Aside from that it's absolutely awesome.
"Unknown Index"
In our environment the app does not work. Using Splunk 4.2.3
In a yellow bar:
- Stacktrace: Traceback (most recent call last):
  File "<string>", line 393, in initInfoFromWorkflow
  File "<string>", line 484, in setCurrentIndex
ModelException: Ignoring unknown index 'cs_std_prod_sat_200'
And in a red bar:
- Unable to initialize workflow information: Ignoring unknown index 'cs_std_prod_sat_200'
Regards,
Jens
Funny to see that the first version downloadable from here works fine with Splunk 4.3 :)!
Great app but has some issues with long or complex fields
Nice app, super handy for in-class demos!
Great app! Super handy visual field extractor.
Hey this thing really works. Try it you'll like it.
I have a project that will require about 30 field extractions to be created and this will make it child's play.
More review later after the project is complete.
