All,
I have a soucetype that is quite complex. So I need to leave autoKV extractions on. In one of the logs there is a key value which is the line of an error. Literally line=1234. I see in props.conf a coworker explicitly is extracting line as line=(?\d*) . Is there any value to this? Given we have autoKV on, seems rather redundant.
I can imagine a situation where a user might be looking at a million of these records. So think there is value there?
↧