I know it is possible to skip lines in an input, however, I have the case where I want to skip part of a line.
For example, I have an inputs.conf stanza like the following:
[monitor://C:\temp\example.log]
...
And I have the following log file, example.log:
time/fieldb/fieldc 13:50,200,300
time/fieldb/fieldc 14:00,210,310
time/fieldb/fieldc 14:10,223,305
time/fieldb/fieldc 14:20,215,307
...
I want to only index the part after the space, due to having the index size as small as possible.
Is it possible to somehow **skip** the **"time/fieldb/fieldc"**-part from being indexed?
↧