Hello,
I am attempting to figure out how to extract the following example event for all fields (the real event has ~30 fields but these show all use cases).
{'start_time': '2019-07-30 15:19:20', 'duration': '2', 'ip': '192.168.1.1', 'mac': '00:00:00:00:00:00', 'source': 'open source'}
I started my attempts with delims i found through some googling,
transforms.conf
[my_sourcetype]
DELIMS = "\"{,}", ": "
With this in place the event would have duration and ip extracted, but not mac, source, or start_time.
Any help is appreciated
↧