icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Universal Field Extractor
SHA256 checksum (universal-field-extractor_23.tgz) 448ead35f0719c6f6c60801fa3ed80f4813c1d0b2d5c0d674166e898a1d3967b SHA256 checksum (universal-field-extractor_22.tgz) 1245a494d61db5be250b2fda4de006389ae7214e8a2b960b1d0c678a449cccb2 SHA256 checksum (universal-field-extractor_21.tgz) 222939b52b60c19ff6f12faede6c3394f0be20fd1eee930d35bc9fd634f7bd00 SHA256 checksum (universal-field-extractor_20.tgz) d0196214cf2c3423b2c2f51cfe4f3bcc6758e6eb51aa78c8ad0bd017409905f9 SHA256 checksum (universal-field-extractor_143.tgz) 99c7c70c2f2bbc67bcbd8af2a48dec7e08693a154d0bd04977819f7d835b5d03 SHA256 checksum (universal-field-extractor_145.tgz) 7e064c2a31b4981fd195905ed28ae136d6933be4d1feae9f988b43809cd6090a SHA256 checksum (universal-field-extractor_150.tgz) 0269c88a60481cfbf05cc18141fd010c8d4f306d03029ee48f0cca8d05ab0d9c SHA256 checksum (universal-field-extractor_160.tgz) 8b8fefd460a94b63b067ac236c2759586cad301f9663d697dc8cf07a8ef5d69a SHA256 checksum (universal-field-extractor_102.tgz) caa276837a69708b813791f9165716c5a1668a38ffb8958f4ed6beada340810e SHA256 checksum (universal-field-extractor_101.tgz) a3efde680b36632f977a05f4424da405b12331fd201a045bc8d8f6d70808f3bc SHA256 checksum (universal-field-extractor_0997beta.tgz) 75a53e0582e82a63b2eb7cbf6364a034b2cda4608d370fb8269f916f64b53dbf SHA256 checksum (universal-field-extractor_0996beta.tgz) 2fd58a79774abee098a4c978a306ed66604af780cf05c7c6647a6f084dbc47ff SHA256 checksum (universal-field-extractor_0995beta.tgz) 4ca027f26e21a9c17eb16288e19b60f32b202300a3efce92d38f3d87300156f3 SHA256 checksum (universal-field-extractor_0992beta.tgz) 39744002f87bad5d77b48bd410746ece7a7cddd85e724a19c2717fd97cc87d0d SHA256 checksum (universal-field-extractor_0991beta.tgz) 84afa3f4cbf35edb603b2aa3dac6a9b42199a5d94558427126adaf4d0bb312a2 SHA256 checksum (universal-field-extractor_099beta.tgz) a30b328ab23df78f62f176d52e515e0d1eca3840863678d9abaa0146900c2860 SHA256 checksum (universal-field-extractor_098beta.tgz) fe0d5ac9ef752f5b44e63893804e24dafe916342b9d23702c951c9e08cd25fec SHA256 checksum (universal-field-extractor_097beta.tgz) a2d19e4591b2f887a08405018fb0cfdef66a6586dded6764dbe39bb910d9dd4e SHA256 checksum (universal-field-extractor_096beta.tgz) 716bc2d373a7ae9b11d7f4b47442263e666d06d4acbb33bb39997f778721f6b5 SHA256 checksum (universal-field-extractor_095beta.tgz) d2edef8db39e6f7b46026986b05ae8f6e222f0f36e099c71b1afbca5a8dc7cb1 SHA256 checksum (universal-field-extractor_093beta.tgz) d3ed68a638738d2bdc0c6b2966074063aca267791a3be205de7776d83094e666 SHA256 checksum (universal-field-extractor_091beta.tgz) a56fc37956b1dec7322634d08a236abba0fe6a859f6dc9002bc09ae94e957944 SHA256 checksum (universal-field-extractor_09beta.tgz) b40270b79866cb3bb64ba54dca139054b045c9c543225412146e7af8832e3c20
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


Universal Field Extractor

This app has been archived. Learn more about app archiving.
This app is NOT supported by Splunk. Please read about what that means for you here.
Highlight some text and Splunk will automatically learn to extract your fields!

keywords: regex, regexes, regular expression, regular expressions, pcre, fields, field extraction, machine learning, ai

Field Extractor and Anonymizer

Teach Splunk to automatically extract fields from your data, by just highlighting text!

Video Walk-through of this app!

  • Highlights new extractions as well as showing all existing extractions and fields.
  • Choose to have fields anonymized at index time for security (e.g. passwords, SSNs, IPs, etc).
  • Extract fields from other fields (e.g. pull out machine-type from host).
  • Have fields extracted at search-time or index-time.
  • Edit extraction, Save, Text, and Delete new and existing extractions
  • Set permissions as public or private.
  • Shows only the existing extractions for the type of data being analyzed.
  • Supports multiple indexes and system-wide changes or app specific.
  • Supports multiple fields extracted from one extraction.
  • Adds Workflow actions so you can go directly from an event to working on its sourcetype's field extractions


Release Notes

Version 2.3
May 21, 2014

Supports remote indexes and fixed debugging notice.

Version 2.2
May 20, 2014

Fixed bug when it couldn't find indexes by added support for remote indexes.

Version 2.1
Jan. 15, 2014

updated corner case

Version 2.0
Dec. 24, 2013

Updated modern look.

Version 1.43
July 25, 2013

update packaging

Version 1.45
July 25, 2013

update package

Version 1.50
July 25, 2013

fixed long standing highlighting bug.

Version 1.60
July 25, 2013

Major speed up in getting started, working on regex. Previously the app did a great deal of work to find existing defined regexes, even if the regexes are defined in a different stanza. Now this is an option turned off by default.

Version 1.02
April 4, 2013
  • updated links to help
Version 1.01
March 15, 2012


  • All working now.

  • Adds Workflow actions so you can go directly from an event to working on its sourcetype's field extractions

Version 0.997beta
Jan. 17, 2012

Fixes error when existing saved regexes are invalid.

Version 0.996beta
Dec. 15, 2011

Added workflow action to go from search results directly to the field extractor! Updated feedback link.

Version 0.995beta
Dec. 15, 2011

Now you go directly to field extraction from an event with the addition of "Extract Fields (new)" workflow action. When looking at search results on the Splunk search page, find a particular event you wish extract fields from, and select the triangle of actions to the left of the event. You'll be jumped into the new Field Extractor interface pre-filled out with the sourcetype and index of your event.

Version 0.992beta
Sept. 1, 2011

fix problem with logins

Version 0.991beta
Aug. 26, 2011

Updated to prevent CSRF.

Version 0.99beta
June 27, 2011
  • preemptive patch on possible problem with older releases.
Version 0.98beta
June 14, 2011
  • remove old functionality causing error in options dialog
Version 0.97beta
June 14, 2011
  • Fixes an error with the options dialog
Version 0.96beta
May 23, 2011

Fixed problem encountered when a fieldname starts with numbers.

Version 0.95beta
May 16, 2011

Fixed problems on Windows that prevented field extraction.

Version 0.93beta
April 28, 2011
  • Fixed problem when default index was empty
  • Added Feedback link.

Please give feedback!

Version 0.91beta
March 28, 2011

- more streamlined and intuitive workflow
- added app and index settings
- busy animated gif while page is reloading
- moved common options onto screen, out of options dialog.
- added ? icon with tooltip help
- added "result type": latest, diverse, or outliers, to better show sample events that cover more of the data.

Version 0.9beta
Feb. 17, 2011

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.