<%inherit file="//layout/base.html" /> <%namespace name="lib" file="//lib.html" import="*" /> <%def name="js()"> ${parent.js()} ${lib.script_tags(files=[ "/static/js/i18n.js", "/static/js/contrib/json2.js", "/static/js/contrib/lowpro_for_jquery.js", "/static/js/contrib/jquery-ui-1.8.5.custom.min.js", "/static/js/util.js", "/static/js/logger.js", "/static/js/contrib/jquery.bgiframe.min.js", "/static/js/popup.js" ])} <%def name="css()"> <%coreCSSFiles = ["/static/css/view.css", "/static/css/skins/default/default.css", '/modules/nav/AccountBar.css', '/static/css/print.css'] %> <%lib:stylesheet_tags files="${coreCSSFiles}" /> <%lib:stylesheet_tags files="${['/static/css/ifx.css']}" /> <%def name="body_element_open()">

${_('Extract fields')}

% if len(successmessage) == 0: ${message} % endif
${csrf_hidden_input()}
${_('Interactive field extractor')}

${_('Teach Splunk how to extract a field by providing it with example values.')}

% if sid == "" or soffset == "":

${_('Enter a simple search. Splunk uses the first search result to populate the selection list below.')}

% endif

${_('(One example per line. Include multiple examples for best results.)')}

Advanced

${_('To extract multiple fields at once, specify a set of field values on each line, separated by a comma:')}
${_('Jan 4 2010,Warning,404')}

${_('If a value example has a comma, define your own separator by making it the first and last character of the line:' )}
#Jan 4, 2010#Warning#404#


${_('Generated pattern (regex)')}

% if regex != None and len(regex) > 0:
    ${regex|h}
% else:

<none>

% endif
<% disabledrevert = disabledsave = '' %> <% if not edited: disabledrevert = 'disabled="disabled"' %> % if regex != None and len(regex)> 0 and testingurl != None: % endif

${_('Sample extractions')}

% if not edited and "<none>" not in extractions:

${_('Validate the extracted values. To improve results, remove incorrect extractions and add more example values.')}

% endif
${extractions}

${_('Sample events')}

${_('This list is based on the event you selected from your search and the field restriction you specified.')}

% for event in events: % endfor
${event}

${_('Save field extraction')}

${_('Note: To ensure the regex works properly, test before you save it.')}

${_('To name multiple fields, specify each name separated by a comma (e.g. "status,url,code".')}

${_('Edit regex')}

${_('Note: FIELDNAME is a placeholder name that will be replaced when you save the regex. Do not change it.')}

${_('Test regex')}

${_('A new Splunk search window will open and allow you to verify that your field is being properly extracted with the values you want.')}

${_('When you are done testing your field, close the search testing window and return to the extract fields window to save your extracting regex or further refine it.')}

${_('Note: The first time you run Test you will need to add the "FIELDNAME" field to the list of fields to display. If extracting multiple fields at once, you will also need to add FIELDNAME1, FIELDNAME2, etc.')}

${_('Successfully saved regex')}

${_('Your field extraction has been saved.')}