Hi Folks
I have an issue where some of my log entries contain null fields, which I need to populate in order to run stats against them.
From the CSV dump below, dest_port is empty, so I need to basically say:
where rule=SSH-ACL, populate empty dest_port field with a value of 22
where rule=NTP-ACL, populate empty dest_port field with a value of 123
Thanks in advance.
![alt text][1]
[1]: /storage/temp/284602-splunkpost.jpg