You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25 lines
799 B
25 lines
799 B
5 months ago
|
# Version 9.2.2.20240415
|
||
|
|
#
|
||
|
|
# This file contains an example fields.conf. Use this file to configure
|
||
|
|
# dynamic field extractions.
|
||
|
|
#
|
||
|
|
# To use one or more of these configurations, copy the configuration block into
|
||
|
|
# fields.conf in $SPLUNK_HOME/etc/system/local/. You must restart Splunk to
|
||
|
|
# enable configurations.
|
||
|
|
#
|
||
|
|
# To learn more about configuration files (including precedence) please see the
|
||
|
|
# documentation located at
|
||
|
|
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
|
||
|
|
#
|
||
|
|
# These tokenizers result in the values of To, From and Cc treated as a list,
|
||
|
|
# where each list element is an email address found in the raw string of data.
|
||
|
|
|
||
|
|
[To]
|
||
|
|
TOKENIZER = (\w[\w\.\-]*@[\w\.\-]*\w)
|
||
|
|
|
||
|
|
[From]
|
||
|
|
TOKENIZER = (\w[\w\.\-]*@[\w\.\-]*\w)
|
||
|
|
|
||
|
|
[Cc]
|
||
|
|
TOKENIZER = (\w[\w\.\-]*@[\w\.\-]*\w)
|