This is simple steps to extract a duplicated field from raw data.
1. As you can see below capture, there are same data on existing field and raw data. Let’s make a separated field to have Splunk knows it is different value.
2. Click " Extract Fields"
3. Copy a exact part of field. In this case, it would be "src="222.68.x.x:0"
4. Paste of the wish data on "Example value for a field". It will generate a general expression value for you. Click "Generate"
5. Check data field on yellow backgroup color to see what you are exactly extracting.
6. Regular Expression pattern has been generated
7. Save it as "src_ip"
8. "Close"
9. Now, you see a new "src_ip" filed on interesting fields section.