icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Universal Field Extractor
SHA256 checksum (universal-field-extractor_23.tgz) 8659272ffd64024b7419fcbb4276494194e8fda621cc095871d44a74d7cc1cf5 SHA256 checksum (universal-field-extractor_22.tgz) 81aef82e41eca72a4d629765485936983eb2179d374203cda17fb3814a09966f SHA256 checksum (universal-field-extractor_21.tgz) 021795e45acb7f3bd0c123542093c53935cd1f57c79366588973b772f1d36a79 SHA256 checksum (universal-field-extractor_20.tgz) 5035b635e446e52a942afb5cc13bd1b2c15eeef322a4be8a043416235a798bf2 SHA256 checksum (universal-field-extractor_143.tgz) 28d6536f22ca189e6bf5993b1a8512a30a137aff68c9da04762f2247e212ea6b SHA256 checksum (universal-field-extractor_145.tgz) 9b75be7c5cec7165e8404ff8aa261ef6e606be7bc594c5f86719e395160a2903 SHA256 checksum (universal-field-extractor_150.tgz) b3383577630f5e7811ff9562a8a41ab7be497aeb443ec2518f4243771b2042dd SHA256 checksum (universal-field-extractor_160.tgz) 84ea5828ee5e785392be22cce3b5aa5f7d53ceb3fd7b5bdba85e1d4bad9a8c80 SHA256 checksum (universal-field-extractor_102.tgz) 0a4b349b4069db5f02b92e6f5b75281f62523a4f7caba9cd603ab58d76e78c0a SHA256 checksum (universal-field-extractor_101.tgz) fa78cff680c76339b0ceb76285d1d6c887fb7790194328ce2d9532a255f0e7b5 SHA256 checksum (universal-field-extractor_0997beta.tgz) bd455c162b368a00794abd2bffcc6520fcc59851d1b1d861794c09ee81c74119 SHA256 checksum (universal-field-extractor_0996beta.tgz) 30e6b6781c411b16d75d1861e8e2dbe12de1f358fa44982f35f556bacdbcaa9a SHA256 checksum (universal-field-extractor_0995beta.tgz) 5c583fbc19ff15e12a22891a65585d9df0d026c1a79827a97cc7bc67aecf0d60 SHA256 checksum (universal-field-extractor_0992beta.tgz) 21d03b6a89dfb964bfec9447a1888d6bde174319645fea528d841244773d19e2 SHA256 checksum (universal-field-extractor_0991beta.tgz) 5c53635f99882e7f1e74e8bd87a2a6840e3f23cc9d11fa2d3a4fe6cda73f7717 SHA256 checksum (universal-field-extractor_099beta.tgz) 40e8e2182abcea0d25d1a75ee336640d4e18a9807a7a7298066b6ba1ac67b769 SHA256 checksum (universal-field-extractor_098beta.tgz) 2a26280f1ac520dd981c3329a9048e29658ff3b4b7f00ab9e96eaadc9ed114f6 SHA256 checksum (universal-field-extractor_097beta.tgz) 640373009556d5db378687318db04e62f33e3cdc8ce0ff415bc857a2019122bd SHA256 checksum (universal-field-extractor_096beta.tgz) 404848c6e48aa8d22c4d3770d34ce5f5a3210389beea3e1f51c337f58af7c322 SHA256 checksum (universal-field-extractor_095beta.tgz) 2b5b39413a582c905775de7fd4588124a6213db40c2681df74d52a2eddc8279d SHA256 checksum (universal-field-extractor_093beta.tgz) 5ab7c17486df6a53fe6810d7460ce29f4f215a4f4027a683d9b8cdcb5a8e0597 SHA256 checksum (universal-field-extractor_091beta.tgz) 49df18dfe2a9b34456e69ecbeffcda70ac734a92b3a659a80420dc1a3e55f7b1 SHA256 checksum (universal-field-extractor_09beta.tgz) 2dca131ebde3925fecc78c70a44b0af7043257d1a24b3d87669d33b3ad367bc1
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Universal Field Extractor

Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Overview
Details
Highlight some text and Splunk will automatically learn to extract your fields!

keywords: regex, regexes, regular expression, regular expressions, pcre, fields, field extraction, machine learning, ai

Field Extractor and Anonymizer

Teach Splunk to automatically extract fields from your data, by just highlighting text!

Video Walk-through of this app!

  • Highlights new extractions as well as showing all existing extractions and fields.
  • Choose to have fields anonymized at index time for security (e.g. passwords, SSNs, IPs, etc).
  • Extract fields from other fields (e.g. pull out machine-type from host).
  • Have fields extracted at search-time or index-time.
  • Edit extraction, Save, Text, and Delete new and existing extractions
  • Set permissions as public or private.
  • Shows only the existing extractions for the type of data being analyzed.
  • Supports multiple indexes and system-wide changes or app specific.
  • Supports multiple fields extracted from one extraction.
  • Adds Workflow actions so you can go directly from an event to working on its sourcetype's field extractions

VOTE THIS APP UP!

Release Notes

Version 2.3
May 21, 2014

Supports remote indexes and fixed debugging notice.

Version 2.2
May 20, 2014

Fixed bug when it couldn't find indexes by added support for remote indexes.

Version 2.1
Jan. 15, 2014

updated corner case

Version 2.0
Dec. 24, 2013

Updated modern look.

Version 1.43
July 25, 2013

update packaging

Version 1.45
July 25, 2013

update package

Version 1.50
July 25, 2013

fixed long standing highlighting bug.

Version 1.60
July 25, 2013

Major speed up in getting started, working on regex. Previously the app did a great deal of work to find existing defined regexes, even if the regexes are defined in a different stanza. Now this is an option turned off by default.

Version 1.02
April 4, 2013

* updated links to help

Version 1.01
March 15, 2012

*FIXED BUG PREVENTING APP FROM WORKING*

* All working now.

* Adds Workflow actions so you can go directly from an event to working on its sourcetype's field extractions

Version 0.997beta
Jan. 17, 2012

Fixes error when existing saved regexes are invalid.

Version 0.996beta
Dec. 15, 2011

Added workflow action to go from search results directly to the field extractor! Updated feedback link.

Version 0.995beta
Dec. 15, 2011

Now you go directly to field extraction from an event with the addition of "Extract Fields (new)" workflow action. When looking at search results on the Splunk search page, find a particular event you wish extract fields from, and select the triangle of actions to the left of the event. You'll be jumped into the new Field Extractor interface pre-filled out with the sourcetype and index of your event.

Version 0.992beta
Sept. 1, 2011

fix problem with logins

Version 0.991beta
Aug. 26, 2011

Updated to prevent CSRF.

Version 0.99beta
June 27, 2011

* preemptive patch on possible problem with older releases.

Version 0.98beta
June 14, 2011

* remove old functionality causing error in options dialog

Version 0.97beta
June 14, 2011

* Fixes an error with the options dialog

Version 0.96beta
May 23, 2011

Fixed problem encountered when a fieldname starts with numbers.

Version 0.95beta
May 16, 2011

Fixed problems on Windows that prevented field extraction.

Version 0.93beta
April 28, 2011

* Fixed problem when default index was empty
* Added Feedback link.

Please give feedback!

Version 0.91beta
March 28, 2011

Improvements
- more streamlined and intuitive workflow
- added app and index settings
- busy animated gif while page is reloading
- moved common options onto screen, out of options dialog.
- added ? icon with tooltip help
- added "result type": latest, diverse, or outliers, to better show sample events that cover more of the data.

Version 0.9beta
Feb. 17, 2011

344
Installs
14,002
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2019 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.