Events:
com.texh.servers.policy.assertion.ServerAuditDetailAssertion: 9879:
com.texh.log.custom.Applications: 9999:
com.texh.log.custom.paymentRedirects: 8800:
com.texh.log.custom.Permission: 9999:
com.texh.logs.system.Application: 8877:
com.texh.logs.policy.assertion: 0880:
| rex field=_raw "^(?:[^ \n] ){6}(?P[^ ]+)" and "^(.\w?):"
I tried above but its not correct
I need to extract these ServerAuditDetailAssertion, Applications paymentRedirects Permission Application assertion to any new field.
Can Someone help me on this?
↧