Hi all,
I am new to Splunk. I am stuck on how to extract data from the original log before indexing it.
Below is my original log:
160.19.104.25 2013-05-21 15:46:50 160.80.38.178:15010 GET /lbHealthMon/index.jsp HTTP/1.1 200 322 - 5249409c3873c79f:-7d44c4c8:13e78cbed15:-7fc5-000000000002f28c 28 1369122410946 0.0020
160.19.104.25 2013-05-21 15:46:50 160.80.38.178:15010 GET /lbHealthMon/index.jsp HTTP/1.1 200 322 - 5249409c3873c79f:-7d44c4c8:13e78cbed15:-7fc5-000000000002f28c 28 1369122410946 0.0020
I want to extract some of the information (let's say "IP address", "date" and "time") and use a Heavy Forwarder to send it to the indexer for indexing.
Can anyone please kindly help me to figure it out?
Best regards,
Kelvin