Hi there,
One of the UFs is configured to send logs to sourcetype testData.
I'd like to push some of those logs matching a certain pattern (all logs matching the "[A][B]" pattern) to sourcetype testData_B.
Sample of log:

```
[A][B] blabla
[A][C] blabla
```
I tried to use transforms and field extraction but I couldn't make it work. I don't have SSH access, so I did it via the web interface.
**Transformation**
![alt text][2]
**Field extraction**
![alt text][1]
[1]: /storage/temp/255084-fieldextraction.png
[2]: /storage/temp/255085-transfo.png
What's wrong with my setup?
Thanks!