I would like to extract both directory and subdirectory information while importing data.
So basically the directory structure is like this:
monitor:///data/host_name_first_part/host_name_second_part/*.gz
So in the input.conf I can use either host_segment=2 or host_segment=3,
but I cannot extract both pieces of information. How can I extract both?
I am using a unique index name for the data; the sourcetype is defined in props.conf.
How can I extract the host names (separately) so that I can also use them in the search command
(i.e. I can use host_segment as host in the search command)?