I have log files with multiple logs in them of different formats, and I only want to receive one instance of the Login_ID, though it occurs multiple times in the file in different logs; therefore they will all have the same sourcetype. I currently have the Login_Success_ID:1234545 in this format and want to use the field extractor to get this value. I only want the users that were able to log in, which is why I want one instance of the userid in the whole log file. Could someone explain how I could do this with the field extractor, or whether I need to change the format of the log file itself?