There are different ways to add an attribute to an object. In this book, we will utilize extracted attributes based on fields and regular expressions. Go ahead and carry out these steps:
- Click on the Add Field dropdown and select Auto-Extracted.
- Scroll down the list of auto-extracted fields and select the fields that we have manually extracted in Chapter 2, Bringing in Data, as listed and shown in the bullet list, followed by the screenshot:
- http_method
- http_response_time
- http_status_code
- http_uri
- http_user_agent
- If you look closely, you'll see Splunk has automatically classified the attributes based on assumed data type (for instance String for http_method and Number for http_status_code). You can do the same steps if you missed an attribute.
Your newly added attributes are now in the Extracted section and will also be inherited by all child objects, as a child object in Splunk inherits the constraints and attributes of a parent object.
Tip from the Fez: You've just seen how work completed in an earlier chapter is reused, in this case, fields extracted from our data source. As your Splunk environment grows, a constant push to consolidate and standardize logic and fields will improve data quality, as well as Splunk's general usability for casual and business users.